CVE-2025-21804NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-121Stack-based Buffer Overflow57 documents6 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV5.9
EPSS
0.0%
top 89.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedFeb 27
Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region() macro to request a needed resource. A string variable that lives on the stack is then used to store a dynamically computed resource name, which is then passed on as one of the macro arguments. This can lead to undefined behavior. Depending on the current contents of the memo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.85.10.235+5
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.15.0-140.150+1
CVEListV5linux/linux2a6d0d63d99956a66f6605832f11755d74a419517a47e14c5fb0b6dba7073be7b0119fb8fe864e01+7
debiandebian/linux< linux 6.1.129-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

28
OSV
linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities2025-09-03
OSV
linux-raspi vulnerabilities2025-07-24
OSV
linux-raspi-realtime vulnerabilities2025-07-24
OSV
linux-gcp, linux-gcp-6.8 vulnerabilities2025-07-22
OSV
linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities2025-07-22

📋Vendor Advisories

28
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-03
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-07-24
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-07-24
Ubuntu
Linux kernel (GCP) vulnerabilities2025-07-22
Ubuntu
Linux kernel vulnerabilities2025-07-22