CVE-2025-21852 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 12
Latest updateMay 28
Description
In the Linux kernel, the following vulnerability has been resolved:
net: Add rx_skb of kfree_skb to raw_tp_null_args[].
Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0]
in trace_kfree_skb if the prog does not check if rx_sk is NULL.
Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added
rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL.
Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier
validate such a prog and prevent the issue.
Now we…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linuxc53795d48ee8f385c6a9e394651e7ee914baaeba — f579afacd0a66971fc8481f30d2d377e230a8342+3
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities↗2025-05-20
GHSA▶
GHSA-g33r-c4mc-9962: In the Linux kernel, the following vulnerability has been resolved:
net: Add rx_skb of kfree_skb to raw_tp_null_args[]↗2025-03-12
OSV▶
CVE-2025-21852: In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]↗2025-03-12
📋Vendor Advisories
5Debian▶
CVE-2025-21852: linux - In the Linux kernel, the following vulnerability has been resolved: net: Add rx...↗2025