Linux Kernel Firewire Test Vulnerability Affecting Multiple Linux Distributions
CVE-2025-21798
Summary
A potential NULL pointer dereference exists in the Linux kernel's firewire KUnit test framework. The issue arises when kunit_kzalloc() returns a NULL pointer: if that pointer is dereferenced without a check, the result can be system instability or a crash. The fix adds a NULL check for the relevant test state, which makes the test framework more robust. Users are encouraged to update their Linux kernel to mitigate this risk.
Affected Version(s)
Linux 1c8506d62624fbc57db75414a387f365da8422e9
Linux 1c8506d62624fbc57db75414a387f365da8422e9 < 70fcb25472d90dd3b87cbee74b9eb68670b0c7b8
Linux 1c8506d62624fbc57db75414a387f365da8422e9 < 352fafe97784e81a10a7c74bd508f71a19b53c2a