PT-2025-4350 · Linux+8 · Linux Kernel+8

Hyunwoo Kim

+1

·

Published

2025-01-10

·

Updated

2025-10-22

·

CVE-2025-21669

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a NULL pointer dereference in the Linux kernel's vsock/virtio module. This can occur when the socket has been de-assigned or assigned to another transport, and packets are received that are not expected, causing issues when accessing vsk->transport. A possible scenario involves a first connect() interrupted by a signal, and a second connect() failed, leading to vsk->transport being NULL.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-3467
ALT-PU-2025-3500
AZL-56393
AZL-56411
BDU:2025-01393
CVE-2025-21669
DLA-4075-1
DLA-4076-1
DSA-5860-1
INFSA-2025_6966
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0847-1
RHSA-2025:6966
RHSA-2025:8669
RHSA-2025_6966
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0847-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7445-1
USN-7448-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7595-1
USN-7595-2
USN-7595-3
USN-7595-4
USN-7595-5
USN-7596-1
USN-7596-2
USN-7653-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu