NULL Pointer Dereference in Linux Kernel Affecting es58x Driver
CVE-2025-21773

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability exists in the Linux kernel affecting the es58x driver, where a NULL pointer dereference could occur if an attacker successfully spoofed the USB device's serial number. The assumption that the device's serial number would always be present is not valid in all cases, as the driver failed to account for potential manipulation. As a result, a check for a NULL value should be integrated to ensure the integrity of the system and prevent exploitation.

Affected Version(s)

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 1590667a60753ee5a54871f2840ceefd4a7831fa

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 722e8e1219c8b6ac2865011fe339315d6a8d0721

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 5059ea98d7bc133903d3e47ab36df6ed11d0c95f

References

https://git.kernel.org/stable/c/1590667a60753ee5a54871f28...

https://git.kernel.org/stable/c/722e8e1219c8b6ac2865011fe...

https://git.kernel.org/stable/c/5059ea98d7bc133903d3e47ab...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024