CVE-2025-0010 — Out-of-bounds Write in Kernel

CWE-787 — Out-of-bounds Write CWE-459 — Incomplete Cleanup CWE-704 — Incorrect Type Conversion or Cast CWE-416 — Use After Free CWE-1341 — Multiple Releases of Same Resource or Handle CWE-400 — Uncontrolled Resource Consumption CWE-99 — Resource Injection CWE-131 — Incorrect Calculation of Buffer Size CWE-476 — NULL Pointer Dereference42 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 97.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google Chrome Chrome

Timeline

PublishedSep 6

Latest updateJan 23

Description

An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:HExploitability: 1.3 | Impact: 4.7

Affected Packages2 packages

▶Linuxlinux/linux_kernel5.5.0 — 5.10.246+13

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

OSV

drm/amd/display: Check NULL before accessing↗2025-12-16

▶

OSV

f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()↗2025-11-12

▶

OSV

pps: fix warning in pps_register_cdev when register device fail↗2025-10-28

▶

GHSA

GHSA-8hgc-v7h6-7v8j: An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, i↗2025-09-06

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: nf_tables: avoid chain re-validation if possible↗2026-01-23

▶

Red Hat

kernel: Linux kernel: Denial of Service via NULL pointer dereference in HSR↗2026-01-13

▶

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-0010↗2025-12-17

▶

Red Hat

kernel: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()↗2025-11-12

▶

Red Hat

kernel: iommu/vt-d: debugfs: Fix legacy mode page table dump logic↗2025-11-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68373 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-71088 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-71238 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶