CVE-2025-21822: Use of Uninitialized Resource in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 89.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 27

Description

In the Linux kernel, the following vulnerability has been resolved:

ptp: vmclock: Set driver data before its usage

If vmclock_ptp_register() fails during probing, vmclock_remove() is called to clean up the ptp clock and misc device. It uses dev_get_drvdata() to access the vmclock state. However the driver data is not yet set at this point.

Assign the driver data earlier.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel 6.13 6.13.4 (+1)
CVEListV5: linux/linux 20503272422693d793b84f88bf23fe4e955d3a33 6dbd8b91a065d1d8001446a28e72cd140f9acef0 (+2)
debian: debian/linux

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-5jx9-3p7f-55g3: In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Set driver data before its usage If vmclock_ptp_register() fails d (2025-02-27)
OSV
CVE-2025-21822: In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Set driver data before its usage If vmclock_ptp_register() fails dur (2025-02-27)

📋 Vendor Advisories (2)

Red Hat
kernel: ptp: vmclock: Set driver data before its usage (2025-02-27)
Debian
CVE-2025-21822: linux - In the Linux kernel, the following vulnerability has been resolved: ptp: vmcloc... (2025)