CVE-2025-21669

Feb. 4, 2025, 3:38 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport. A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /
o linux linux_kernel 6.13 rc4 / / / / / /
o linux linux_kernel 6.13 rc5 / / / / / /
o linux linux_kernel 6.13 rc6 / / / / / /
o linux linux_kernel 6.13 rc7 / / / / / /

References

https://git.kernel.org/stable/c/18a7fc371d1dbf8deff16c2dd9292bcc73f43040
https://git.kernel.org/stable/c/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1
https://git.kernel.org/stable/c/6486915fa661584d70e8e7e4068c6c075c67dd6d
https://git.kernel.org/stable/c/677579b641af109613564460a4e3bdcb16850b61
https://git.kernel.org/stable/c/88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee
https://git.kernel.org/stable/c/d88b249e14bd0ee1e46bbe4f456e22e01b8c68de

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-476
2025-01-31
CVE-2025-21669

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Jan. 31, 2025, 12:15 p.m.
Last Modified: Feb. 4, 2025, 3:38 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.