CVE-2025-21666

Summary

In the Linux kernel, the following vulnerability has been resolved:

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't.

Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning.

This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < daeac89cdb03d30028186f5ff7dc26ec8fa843e7affected
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853eaffected
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < b52e50dd4fabd12944172bd486a4f4853b7f74ddaffected
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < bc9c49341f9728c31fe248c5fbba32d2e81a092baffected
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < c23d1d4f8efefb72258e9cedce29de10d057f8caaffected
LinuxLinuxc0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 91751e248256efc111e52e15115840c35d85abafaffected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.234 <= 5.10.*unaffected
LinuxLinux5.15.177 <= 5.15.*unaffected
LinuxLinux6.1.127 <= 6.1.*unaffected
LinuxLinux6.6.74 <= 6.6.*unaffected
LinuxLinux6.12.11 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References