Null Pointer Dereference Vulnerability in Linux Kernel vsock Related Functions
CVE-2025-21670
Summary
A vulnerability in the Linux kernel's vsock handling can cause a NULL pointer dereference when a socket has no assigned transport. If a socket is in a state where the transport is not set, such as after a connection failure, operations on that socket may lead to unsafe kernel operations. The flaw can be triggered in various situations, particularly during socket message retrieval, and poses a risk of system instability and unexpected behavior. To mitigate this risk, code paths that use the transport must first check that one is assigned.
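The transport check described above, shown as a user-space model. This is an added example, not kernel code or the upstream patch; every identifier (`model_sock`, `model_transport`, `model_connect`, `model_recv_ready`) and the `-ENODEV` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
struct model_sock;

struct model_transport {
    long (*has_data)(struct model_sock *sk);   /* bytes queued for reading */
};

struct model_sock {
    const struct model_transport *transport;   /* NULL when unassigned */
    long queued;
};

static long loopback_has_data(struct model_sock *sk) { return sk->queued; }
static const struct model_transport loopback = { .has_data = loopback_has_data };

/* Connect assigns a transport; on failure the socket is left without one. */
static int model_connect(struct model_sock *sk, int peer_reachable)
{
    if (!peer_reachable) {
        sk->transport = NULL;
        return -ECONNREFUSED;
    }
    sk->transport = &loopback;
    return 0;
}

/* Unguarded form (the bug class) would call through a NULL pointer:
 *     return sk->transport->has_data(sk);
 * Guarded form: return early when no transport is assigned. */
static long model_recv_ready(struct model_sock *sk)
{
    if (!sk->transport)
        return -ENODEV;   /* error code chosen for this model */
    return sk->transport->has_data(sk);
}

int main(void)
{
    struct model_sock sk = { .transport = NULL, .queued = 0 };
    model_connect(&sk, 0);                    /* constructed failure case */
    return model_recv_ready(&sk) == -ENODEV ? 0 : 1;
}
```
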
Affected Version(s)
Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 58e586c30d0b6f5dc0174a41026f2b0a48c9aab6
Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 6771e1279dadf1d92a72e1465134257d9e6f2459
Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f