PT-2025-16667 · Linux+7 · Linux Kernel+7
Published
2025-02-13
·
Updated
2026-05-26
·
CVE-2025-22027
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A race condition in the Linux kernel's streamzap driver can cause a general protection fault due to a NULL pointer dereference of the
dev->raw pointer. This occurs because rc unregister device() is called before usb kill urb(), freeing the dev->raw pointer and setting it to NULL, while usb kill urb() waits for in-progress requests to finish. If rc unregister device() is called while the streamzap callback() handler is not finished, it can lead to accessing freed resources. The issue is caused by the incorrect order of actions in the streamzap disconnect() function.Recommendations
To resolve the issue,
rc unregister device() should be called after usb kill urb() in the streamzap disconnect() function.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
NULL Pointer Dereference
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu