PT-2025-14591 · Linux+5 · Linux Kernel+5

Published: 2025-01-20 · Updated: 2026-01-20 · CVE-2025-21998

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel, related to the registration of efivars in the uefisecapp firmware component, has been resolved. The efivars service was registered before the memory pool was allocated, which could lead to a NULL-pointer dereference on concurrent access to EFI variables. The fix ensures that all resources are set up before efivars is registered.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
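
The initialization-order problem in the description, as an added example (a user-space C model, not the kernel's code). All names (`svc`, `registry_publish`, `probe_buggy`, `probe_fixed`) are hypothetical, and the call made immediately after registration stands in for a concurrent EFI variable access.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver state; not the kernel's structures. */
struct svc {
    void *pool;                       /* memory pool the variable ops rely on */
};

/* Global registry: once non-NULL, any other thread may call into the service. */
static struct svc *registered;

/* Model of a variable read: -1 marks the point where a NULL pool would be dereferenced. */
static int svc_get_variable(const struct svc *s)
{
    return s->pool ? 0 : -1;
}

/* Publishing makes the service reachable; the call here models a racing accessor. */
static int registry_publish(struct svc *s)
{
    registered = s;
    return svc_get_variable(registered);
}

/* Vulnerable order: register first, allocate the pool afterwards. */
static int probe_buggy(struct svc *s)
{
    int seen = registry_publish(s);   /* window opens: pool is still NULL */
    s->pool = malloc(64);
    return seen;
}

/* Fixed order: every resource is set up before registration. */
static int probe_fixed(struct svc *s)
{
    s->pool = malloc(64);
    if (!s->pool)
        return -2;                    /* never publish a half-built service */
    return registry_publish(s);
}

int main(void)
{
    struct svc a = {0}, b = {0};
    printf("buggy order: accessor result %d\n", probe_buggy(&a));
    printf("fixed order: accessor result %d\n", probe_fixed(&b));
    free(a.pool); free(b.pool);
    return 0;
}
```

When reviewing a probe or init path for this class of bug, confirm that the registration call is the last step and that every error path before it leaves nothing published.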

Exploit

NULL Pointer Dereference

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5786
BDU:2025-11626
CVE-2025-21998
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu