CVE-2025-21773

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21773
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21773.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21773
Downstream
Related
Published
2025-02-27T02:18:20.013Z
Modified
2026-03-20T12:41:09.962164Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
can: etas_es58x: fix potential NULL pointer dereference on udev->serial
Details

In the Linux kernel, the following vulnerability has been resolved:

can: etas_es58x: fix potential NULL pointer dereference on udev->serial

The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference.

Add a check on es58x_dev->udev->serial before accessing it.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21773.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9f06631c3f1f0f298536443df85a6837ba4c5f5c
Fixed
1590667a60753ee5a54871f2840ceefd4a7831fa
Fixed
722e8e1219c8b6ac2865011fe339315d6a8d0721
Fixed
5059ea98d7bc133903d3e47ab36df6ed11d0c95f
Fixed
a1ad2109ce41c9e3912dadd07ad8a9c640064ffb

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21773.json"