CVE-2025-21980

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21980
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21980.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21980
Downstream
Related
Published
2025-04-01T15:47:09.232Z
Modified
2026-03-20T12:41:15.894003Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
sched: address a potential NULL pointer dereference in the GRED scheduler.
Details

In the Linux kernel, the following vulnerability has been resolved:

sched: address a potential NULL pointer dereference in the GRED scheduler.

If kzalloc in gredinit returns a NULL pointer, the code follows the error handling path, invoking greddestroy. This, in turn, calls gred_offload, where memset could receive a NULL pointer as input, potentially leading to a kernel crash.

When table->opt is NULL in gredinit(), gredchangetabledef() is not called yet, so it is not necessary to call ->ndosetuptc() in gred_offload().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21980.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f25c0515c521375154c62c72447869f40218c861
Fixed
d02c9acd68950a444acda18d514e2b41f846cb7f
Fixed
0f0a152957d64ce45b4c27c687e7d087e8f45079
Fixed
68896dd50180b38ea552e49a6a00b685321e5769
Fixed
5f996b4f80c2cef1f9c77275055e7fcba44c9199
Fixed
115ef44a98220fddfab37a39a19370497cd718b9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21980.json"