Kernel Vulnerability in Linux Affecting Null Pointer Dereference
CVE-2025-21852

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

A vulnerability in the Linux kernel allows a BPF program to trigger a null pointer dereference in trace_kfree_skb when it fails to validate the rx_sk argument. The addition of kfree_skb to raw_tp_null_args enables the BPF verifier to detect invalid memory accesses, mitigating the risk of system instability caused by such programs. This issue emphasizes the importance of validating all pointer arguments in BPF programs, ensuring robustness and security within the Linux environment.

Affected Version(s)

Linux c53795d48ee8f385c6a9e394651e7ee914baaeba

Linux c53795d48ee8f385c6a9e394651e7ee914baaeba < 4dba79c1e7aad6620bbb707b6c4459380fd90860

Linux c53795d48ee8f385c6a9e394651e7ee914baaeba < 5da7e15fb5a12e78de974d8908f348e279922ce9

References

https://git.kernel.org/stable/c/f579afacd0a66971fc8481f30...

https://git.kernel.org/stable/c/4dba79c1e7aad6620bbb707b6...

https://git.kernel.org/stable/c/5da7e15fb5a12e78de974d890...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024