CVE-2025-22016NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-395Use of NullPointerException Catch to Detect NULL Pointer Dereference41 documents6 sources
Severity
5.5MEDIUMNVD
OSV5.9OSV4.7
EPSS
0.0%
top 84.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 8
Latest updateOct 15

Description

In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (pin). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.86.12.21+2
Debianlinux/linux_kernel< 6.12.21-1+1
Ubuntulinux/linux_kernel< 6.8.0-84.84
CVEListV5linux/linux97f265ef7f5b526b33d6030b2a1fc69a2259bf4acb2f8a5c1fd9e7a1fefa23afe20570e16da1ada4+3
debiandebian/linux< linux 6.12.21-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-oracle-6.8 vulnerabilities2025-10-15
OSV
linux-azure-nvidia vulnerabilities2025-10-08
OSV
linux-oracle vulnerabilities2025-10-06
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-10-02
OSV
linux-raspi-realtime vulnerabilities2025-10-02

📋Vendor Advisories

20
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-15
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-06
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-10-02
Ubuntu
Linux kernel (HWE) vulnerabilities2025-10-02
CVE-2025-22016 — NULL Pointer Dereference in Linux | cvebase