PT-2025-16710 · Linux+6 · Linux Kernel+6

Published

2025-03-17

·

Updated

2026-04-20

·

CVE-2025-22070

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL pointer dereference issue occurs when a 9p tree is mounted with the 'posixacl' option and a subdirectory is created. This happens because the v9fs fid add() call in the v9fs vfs mkdir dotl() function sets the fid pointer to NULL, which is then used by the v9fs set create acl() call, expecting a valid non-NULL fid pointer. This results in a kernel NULL pointer dereference.
Recommendations To resolve this issue, the sequence of calls in the v9fs vfs mkdir dotl() function should be swapped, calling v9fs set create acl() before v9fs fid add(). At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
AZL-61700
BDU:2026-01404
CVE-2025-22070
ECHO-7915-95B2-D64A
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7835-1
USN-7835-2
USN-7835-3
USN-7835-4
USN-7835-5
USN-7835-6
USN-7887-1
USN-7887-2
USN-7940-1
USN-7940-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu