Linux Kernel Vulnerability in Vsock Transport Mechanism
CVE-2025-21755

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-21755?

A vulnerability in the Linux kernel's vsock transport mechanism allows a NULL pointer dereference during socket release. During release, sock_orphan() is invoked without accounting for its effect on the socket's state: it sets sk->sk_wq to NULL. If the SO_LINGER option is enabled, virtio_transport_wait_close() then dereferences that NULL pointer, which can cause system instability. The issue primarily affects sockets after transport release, so the order in which resources are released must be managed carefully to ensure system integrity.
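
The ordering problem described above, as an added user-space model that is not kernel code and not taken from the original page. The model_* names and structs are hypothetical stand-ins for the fields and functions the description names, and the NULL access is reported as a return value instead of being performed.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only: the structs mimic the fields the advisory names. */
struct model_wq { int sleepers; };
struct model_sock {
    struct model_wq *sk_wq; /* cleared when the socket is orphaned */
    bool linger;            /* stands in for SO_LINGER being enabled */
};
enum outcome { CLOSED_OK, NULL_WQ_REACHED };

/* Hypothetical stand-in for sock_orphan(): detaches the wait queue. */
static void model_orphan(struct model_sock *sk) { sk->sk_wq = NULL; }

/* Hypothetical stand-in for the lingering wait done at transport release. */
static enum outcome model_transport_release(struct model_sock *sk)
{
    if (!sk->linger)
        return CLOSED_OK;        /* no wait, wait queue never touched */
    if (sk->sk_wq == NULL)
        return NULL_WQ_REACHED;  /* the real code would dereference NULL here */
    sk->sk_wq->sleepers++;       /* wait queue is still valid: safe to use */
    return CLOSED_OK;
}

/* Order the advisory describes: orphan first, then release the transport. */
enum outcome release_orphan_first(bool linger)
{
    struct model_wq wq = { 0 };
    struct model_sock sk = { &wq, linger };
    model_orphan(&sk);
    return model_transport_release(&sk);
}

/* Reordered: release the transport while sk_wq is valid, then orphan. */
enum outcome release_orphan_last(bool linger)
{
    struct model_wq wq = { 0 };
    struct model_sock sk = { &wq, linger };
    enum outcome r = model_transport_release(&sk);
    model_orphan(&sk);
    return r;
}

int main(void)
{
    /* Exit status 0 when both orderings behave as modelled. */
    return (release_orphan_first(true) == NULL_WQ_REACHED &&
            release_orphan_last(true) == CLOSED_OK) ? 0 : 1;
}
```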

Affected Version(s)

Linux e7754d564579a5db9c5c9f74228df5d6dd6f1173

Linux e48fcb403c2d0e574c19683f09399ab4cf67809c

Linux 42b33381e5e1f2b967dc4fb4221ddb9aaf10d197 < 631e00fdac7acca676103d6cbc96eb152625f449

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
