CVE-2025-22054

In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa	Patch
https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4	Patch
https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d	Patch
https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e	Patch
https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179	Patch
https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3	Patch
https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547	Patch
https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2	Patch
https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

29 Apr 2025, 18:50

Type	Values Removed	Values Added
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa -~~	() https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa - Patch
References	~~() https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4 -~~	() https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4 - Patch
References	~~() https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d -~~	() https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d - Patch
References	~~() https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e -~~	() https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e - Patch
References	~~() https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179 -~~	() https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179 - Patch
References	~~() https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3 -~~	() https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3 - Patch
References	~~() https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547 -~~	() https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547 - Patch
References	~~() https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2 -~~	() https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2 - Patch
References	~~() https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3 -~~	() https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3 - Patch
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arcnet: Se ha añadido una comprobación de valores NULL en com20020pci_probe(). Devm_kasprintf() devuelve NULL cuando falla la asignación de memoria. Actualmente, com20020pci_probe() no realiza la comprobación en este caso, lo que provoca una desreferencia de puntero NULL. Se ha añadido una comprobación de valores NULL después de devm_kasprintf() para evitar este problema y garantizar que no queden recursos asignados.

16 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-16 15:15

Updated : 2025-04-29 18:50

NVD link : CVE-2025-22054

Mitre link : CVE-2025-22054

CVE.ORG link : CVE-2025-22054

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10