PT-2025-14361 · Linux+7 · Linux Kernel+7

Published

2025-03-05

·

Updated

2026-05-22

·

CVE-2025-21980

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A potential NULL pointer dereference in the GRED scheduler has been resolved. The issue occurs when kzalloc in gred init returns a NULL pointer, leading to a call to gred destroy, which in turn calls gred offload. In gred offload, memset could receive a NULL pointer as input, potentially causing a kernel crash. This happens because table->opt is NULL in gred init(), making it unnecessary to call ->ndo setup tc() in gred offload().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-5786
AZL-59901
BDU:2025-12182
CVE-2025-21980
DLA-4193-1
DSA-5900-1
ECHO-9DE4-1EC7-11F0
MGASA-2025-0142
MGASA-2025-0146
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:20343-1
SUSE-SU-2025:20344-1
SUSE-SU-2025:20354-1
SUSE-SU-2025:20355-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu