PT-2025-16690 · Linux+6 · Linux Kernel+6
Published
2025-04-04
·
Updated
2026-04-20
·
CVE-2025-22050
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A race condition in the Linux kernel's usbnet module can lead to a NULL pointer dereference, resulting in a Kernel Panic. This issue arises due to the lack of
usbnet going away validation in the usb submit urb function, which is present in the usbnet queue skb function. The inconsistency can cause a URB request to succeed while the corresponding SKB data fails to be queued, leading to subsequent processes attempting to access skb->next and triggering a NULL pointer dereference.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu