Null Pointer Dereference Vulnerability in Linux Kernel's NFP Module
CVE-2025-21848

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

A null pointer dereference vulnerability has been identified in the NFP module of the Linux kernel. The issue arises from the failure to check the return value of the nfp_app_ctrl_msg_alloc() function in the nfp_bpf_cmsg_alloc() routine. This oversight can lead to potential crashes or erratic behavior in systems utilizing the affected kernel versions. It is crucial for users and administrators to ensure their systems are updated with the latest patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c

Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c < 924b239f9704566e0d86abd894d2d64bd73c11eb

References

https://git.kernel.org/stable/c/d64c6ca420019712e194fe095...

https://git.kernel.org/stable/c/e976ea6c5e1b005c64467cbf9...

https://git.kernel.org/stable/c/924b239f9704566e0d86abd89...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024