Null Pointer Dereference Vulnerability in Linux Kernel's NFP Module
CVE-2025-21848

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

What is CVE-2025-21848?

A null pointer dereference vulnerability has been identified in the NFP module of the Linux kernel. The issue arises from the failure to check the return value of the nfp_app_ctrl_msg_alloc() function in the nfp_bpf_cmsg_alloc() routine. This oversight can lead to potential crashes or erratic behavior in systems utilizing the affected kernel versions. It is crucial for users and administrators to ensure their systems are updated with the latest patches to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c

Linux ff3d43f7568c82b335d7df2d40a31447c3fce10c < 924b239f9704566e0d86abd894d2d64bd73c11eb

References

https://git.kernel.org/stable/c/d64c6ca420019712e194fe095...

https://git.kernel.org/stable/c/e976ea6c5e1b005c64467cbf9...

https://git.kernel.org/stable/c/924b239f9704566e0d86abd89...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024

JSON

Linux

What is CVE-2025-21848?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.