Null Pointer Dereference Vulnerability in Linux Kernel's NFP Module
CVE-2025-21848
5.5 MEDIUM
Summary
A null pointer dereference vulnerability has been identified in the NFP module of the Linux kernel. The nfp_bpf_cmsg_alloc() routine does not check the return value of nfp_app_ctrl_msg_alloc(), so a NULL return is used as if it were a valid pointer. This can lead to crashes or erratic behavior on systems running the affected kernel versions. Users and administrators should update to a kernel that includes the fix.
Affected Version(s)
Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c
Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c < 924b239f9704566e0d86abd894d2d64bd73c11eb
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved