PT-2025-16694 · Linux+6 · Linux Kernel+6

Published

2025-04-04

·

Updated

2026-04-20

·

CVE-2025-22054

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the arcnet module. The com20020pci probe() function does not check for NULL returns from devm kasprintf(), which can lead to a NULL pointer dereference when memory allocation fails. This issue has been resolved by adding a NULL check after devm kasprintf() to prevent the problem and ensure that no resources are left allocated.
Recommendations For the affected Linux kernel versions, add a NULL check after devm kasprintf() in the com20020pci probe() function to prevent the NULL pointer dereference issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-6382
ALT-PU-2025-6606
ALT-PU-2025-7195
BDU:2025-12114
CVE-2025-22054
DLA-4178-1
DLA-4193-1
DSA-5907-1
ECHO-7BC6-0264-3FD5
MGASA-2025-0142
MGASA-2025-0146
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
USN-7585-1
USN-7585-2
USN-7585-3
USN-7585-4
USN-7585-5
USN-7585-6
USN-7585-7
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7640-1
USN-7655-1
USN-7835-1
USN-7835-2
USN-7835-3
USN-7835-4
USN-7835-5
USN-7835-6
USN-7887-1
USN-7887-2
USN-7940-1
USN-7940-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu