{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21666", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.733Z", "datePublished": "2025-01-31T11:25:31.138Z", "dateUpdated": "2025-02-02T10:16:12.988Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-02T10:16:12.988Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "daeac89cdb03d30028186f5ff7dc26ec8fa843e7", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "b52e50dd4fabd12944172bd486a4f4853b7f74dd", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "bc9c49341f9728c31fe248c5fbba32d2e81a092b", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "c23d1d4f8efefb72258e9cedce29de10d057f8ca", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "91751e248256efc111e52e15115840c35d85abaf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.234", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.177", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.127", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.74", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.11", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"}, {"url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"}, {"url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"}, {"url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"}, {"url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"}, {"url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"}], "title": "vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CB4FBE-68EB-481B-BDFC-B74722F3A409", "versionEndExcluding": "5.15.177", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3538C88-E91E-4A62-8415-2EA2F03EAAE3", "versionEndExcluding": "6.1.127", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "38B2F4A9-C656-4A97-8718-D27E6BDFD82A", "versionEndExcluding": "6.6.74", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7D0DBC3-F63C-4396-8A47-6F3D4FA0556E", "versionEndExcluding": "6.12.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*", "matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: previene null-ptr-deref en vsock_*[has_data|has_space] Informes recientes han mostrado c\u00f3mo a veces llamamos a vsock_*_has_data() cuando un socket vsock ha sido desasignado de un transporte (ver enlaces adjuntos), pero no deber\u00edamos. Las confirmaciones anteriores deber\u00edan haber resuelto los problemas reales, pero es posible que tengamos m\u00e1s en el futuro, por lo que para evitar null-ptr-deref, podemos devolver 0 (sin espacio, sin datos disponibles) pero con una advertencia. De esta manera, el c\u00f3digo deber\u00eda continuar ejecut\u00e1ndose en un estado casi consistente y tener una advertencia que nos permita depurar problemas futuros."}], "id": "CVE-2025-21666", "lastModified": "2025-02-03T19:59:37.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-31T12:15:27.763", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]", "id": "2343173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343173"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."], "name": "CVE-2025-21666", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21666\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21666\nhttps://lore.kernel.org/linux-cve-announce/2025013157-CVE-2025-21666-465a@gregkh/T"], "threat_severity": "Moderate"}