PT-2025-16694 · Linux+6 · Linux Kernel+6

Publicado

2025-04-04

·

Atualizado

2026-04-20

·

CVE-2025-22054

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the arcnet module. The com20020pci probe() function does not check for NULL returns from devm kasprintf(), which can lead to a NULL pointer dereference when memory allocation fails. This issue has been resolved by adding a NULL check after devm kasprintf() to prevent the problem and ensure that no resources are left allocated.
Recommendations For the affected Linux kernel versions, add a NULL check after devm kasprintf() in the com20020pci probe() function to prevent the NULL pointer dereference issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2025-12647
ALT-PU-2025-6382
ALT-PU-2025-6606
ALT-PU-2025-7195
BDU:2025-12114
CVE-2025-22054
DLA-4178-1
DLA-4193-1
DSA-5907-1
ECHO-7BC6-0264-3FD5
MGASA-2025-0142
MGASA-2025-0146
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
USN-7585-1
USN-7585-2
USN-7585-3
USN-7585-4
USN-7585-5
USN-7585-6
USN-7585-7
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7640-1
USN-7655-1
USN-7835-1
USN-7835-2
USN-7835-3
USN-7835-4
USN-7835-5
USN-7835-6
USN-7887-1
USN-7887-2
USN-7940-1
USN-7940-2

Produtos afetados

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu