PT-2025-16691 · Linux+3 · Linux Kernel+3
Published: 2025-03-20 · Updated: 2026-03-13
CVE-2025-22051
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A problem in the Linux kernel has been identified where disconnecting the Agilent USB dongle causes subsequent calls to the driver to result in a NULL dereference Oops. This occurs because bus_interface is set to NULL on disconnect. The issue was introduced by setting usb_dev from bus_interface for dev_xxx messages; previously, bus_interface was checked for NULL only in the functions that directly call usb_fill_bulk_urb or usb_control_msg. To fix this, checks for a valid bus_interface have been added to all interface entry points, returning -ENODEV if it is NULL.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
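The guard described in the Description, shown as an added example that is not the driver's code: a user-space C model of one entry point before and after the check. All struct and function names (`board_priv`, `entry_unguarded`, `entry_guarded`, `run_guarded`) and the sample device number are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model of the pattern; every name here is hypothetical. */
struct usb_dev_model { int devnum; };
struct bus_intf_model { struct usb_dev_model *udev; };
struct board_priv { struct bus_intf_model *bus_interface; };

/* Disconnect clears the interface pointer, as the description states. */
static void model_disconnect(struct board_priv *p)
{
    p->bus_interface = NULL;
}

/* Before: the device is read through the interface with no check,
 * so any call arriving after disconnect dereferences NULL. */
int entry_unguarded(struct board_priv *p)
{
    return p->bus_interface->udev->devnum;
}

/* After: the entry point validates the interface before using it. */
int entry_guarded(struct board_priv *p)
{
    if (!p->bus_interface)
        return -ENODEV;
    return p->bus_interface->udev->devnum;
}

/* Scenario helper: call the guarded entry point while connected (0)
 * or after a disconnect (1) and return its result. */
int run_guarded(int disconnect_first)
{
    struct usb_dev_model dev = { .devnum = 3 };   /* constructed sample */
    struct bus_intf_model intf = { .udev = &dev };
    struct board_priv priv = { .bus_interface = &intf };

    if (disconnect_first)
        model_disconnect(&priv);
    return entry_guarded(&priv);
}

int main(void)
{
    printf("connected: %d\n", run_guarded(0));
    printf("after disconnect: %d\n", run_guarded(1));
    return 0;
}
```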
Exploit
Improper Resource Release
NULL Pointer Dereference
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Ubuntu