PT-2025-4347 · Linux+8 · Linux Kernel+8

Greg Kroah-Hartman

+1

·

Published

2025-01-10

·

Updated

2026-02-18

·

CVE-2025-21666

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the vsock * has data() function in the Linux kernel, specifically in the net/vmw vsock/af vsock.c module. It involves a null pointer dereference. The problem occurs when vsock * has data() is called on a vsock socket that has been de-assigned from a transport. To prevent this, the code now returns 0 (indicating no space or data available) with a warning, allowing the system to continue running in a nearly consistent state and enabling debugging of future problems.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-3467
ALT-PU-2025-3500
AZL-56279
AZL-56337
BDU:2025-01463
CVE-2025-21666
DLA-4075-1
DLA-4076-1
DSA-5860-1
INFSA-2025_6966
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0847-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0847-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7445-1
USN-7448-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7595-1
USN-7595-2
USN-7595-3
USN-7595-4
USN-7595-5
USN-7596-1
USN-7596-2
USN-7653-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu