CVE-2025-21666
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21666
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21666.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21666
- Downstream
- Related
- Published
- 2025-01-31T11:25:31.138Z
- Modified
- 2025-11-27T19:34:47.576899Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vsock: prevent null-ptr-deref in vsock*[hasdata|has_space]
Recent reports have shown how we sometimes call vsock*has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't.
Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning.
This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/21xxx/CVE-2025-21666.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf
- https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e
- https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd
- https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b
- https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca
- https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixeddaeac89cdb03d30028186f5ff7dc26ec8fa843e7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixed9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixedb52e50dd4fabd12944172bd486a4f4853b7f74dd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixedbc9c49341f9728c31fe248c5fbba32d2e81a092b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixedc23d1d4f8efefb72258e9cedce29de10d057f8ca
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0cfa2d8a788fcf45df5bf4070ab2474c88d543aFixed91751e248256efc111e52e15115840c35d85abaf