PT-2025-11009 · Linux+8 · Linux Kernel+8

Curtis Malainey

·

Published

2025-02-05

·

Updated

2026-04-20

·

CVE-2025-21847

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A null pointer dereference issue exists in the Linux kernel. The problem arises from not checking the nullity of cstream in the sof ipc msg data() function, similar to the check performed in the sof set stream data offset() function. This can lead to a null pointer dereference when sps->stream is null.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALT-PU-2025-12647
ALT-PU-2025-4807
AZL-58544
BDU:2025-12190
CVE-2025-21847
INFSA-2025_20518
MGASA-2025-0111
MGASA-2025-0112
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu