NULL Pointer Dereference in Linux Kernel Affecting es58x Driver
CVE-2025-21773

5.5 MEDIUM

Key Information:

Vendor: Linux

CVE Published: 27 February 2025

What is CVE-2025-21773?

A vulnerability exists in the es58x driver of the Linux kernel: a NULL pointer dereference could occur if an attacker successfully spoofed the USB device's serial number. The driver assumed that the device's serial number would always be present, but that assumption does not hold in all cases because the driver failed to account for potential manipulation. The driver therefore needs a NULL check on the serial number before using it, so that a manipulated device cannot trigger the dereference.

Affected Version(s)

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 1590667a60753ee5a54871f2840ceefd4a7831fa

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 722e8e1219c8b6ac2865011fe339315d6a8d0721

Linux 9f06631c3f1f0f298536443df85a6837ba4c5f5c < 5059ea98d7bc133903d3e47ab36df6ed11d0c95f

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved