PT-2025-4351 · Linux+5 · Linux Kernel+5

Michal Luczaj

·

Published

2025-01-10

·

Updated

2025-10-03

·

CVE-2025-21670

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.73/6.12.10
Description The issue is related to a null pointer dereference in the Linux kernel's vsock/bpf module. This can occur when a socket has a null transport, for example, after a failed connect() call. The error can cause a kernel crash, leading to a denial of service. The vsock bpf recvmsg() function needs to check the vsk->transport especially for connected sockets (stream/seqpacket) to prevent this issue.
Recommendations To resolve the issue, update the Linux kernel to a version newer than 6.6.73/6.12.10. As a temporary workaround, consider restricting access to the vsock bpf recvmsg() function, especially for connected sockets, until a patch is available. Additionally, ensure that the vsk->transport is properly checked in the vsock bpf recvmsg() function to prevent null pointer dereferences.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-3467
ALT-PU-2025-3500
AZL-56396
BDU:2025-01465
CVE-2025-21670
OESA-2025-1093
OESA-2025-1097
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0847-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0847-1
USN-7445-1
USN-7448-1
USN-7595-1
USN-7595-2
USN-7595-3
USN-7595-4
USN-7595-5
USN-7596-1
USN-7596-2
USN-7653-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu