AZL-59963

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59963.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59963

Upstream

CVE-2025-21917

Published

2025-04-01T16:15:22Z

Modified

2026-04-01T05:19:35.032980Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2025-21917 affecting package kernel for versions less than 5.15.180.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

usb: renesasusbhs: Flush the notifyhotplug_work

When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhscnotifyhotplug() function.

Flush the delayed work to avoid its execution when driver resources are unavailable.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21917

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.180.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59963.json"