CVE-2025-71291 (GCVE-0-2025-71291)
Vulnerability from cvelistv5 – Published: 2026-05-06 11:32 – Updated: 2026-05-07 17:13
VLAI?
Title
misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
In the function bcm_vk_read(), the pointer entry is checked, indicating
that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the
following code may cause null-pointer dereferences:
struct vk_msg_blk tmp_msg = entry->to_h_msg[0];
set_msg_id(&tmp_msg, entry->usr_msg_id);
tmp_msg.size = entry->to_h_blks - 1;
To prevent these possible null-pointer dereferences, copy to_h_msg,
usr_msg_id, and to_h_blks from iter into temporary variables, and return
these temporary variables to the application instead of accessing them
through a potentially NULL entry.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < 741c5a3a0cd893a4218fc0fc8c18403e54fcfb22
(git)
Affected: 88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < ece3722169ba93734bfd1f06255e8ab7f19fe964 (git) Affected: 88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb (git) Affected: 88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < 3842f93e6e29d5cc1dcb9e5bda70587b444bed69 (git) Affected: 88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < 20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd (git) Affected: 88517757a829e9ce146a6c7233ad5dcdc66fcbb0 , < ba75ecb97d3f4e95d59002c13afb6519205be6cb (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/bcm-vk/bcm_vk_msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "741c5a3a0cd893a4218fc0fc8c18403e54fcfb22",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
},
{
"lessThan": "ece3722169ba93734bfd1f06255e8ab7f19fe964",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
},
{
"lessThan": "aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
},
{
"lessThan": "3842f93e6e29d5cc1dcb9e5bda70587b444bed69",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
},
{
"lessThan": "20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
},
{
"lessThan": "ba75ecb97d3f4e95d59002c13afb6519205be6cb",
"status": "affected",
"version": "88517757a829e9ce146a6c7233ad5dcdc66fcbb0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/bcm-vk/bcm_vk_msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.165",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.128",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.16",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.6",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()\n\nIn the function bcm_vk_read(), the pointer entry is checked, indicating\nthat it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the\nfollowing code may cause null-pointer dereferences:\n\n struct vk_msg_blk tmp_msg = entry-\u003eto_h_msg[0];\n set_msg_id(\u0026tmp_msg, entry-\u003eusr_msg_id);\n tmp_msg.size = entry-\u003eto_h_blks - 1;\n\nTo prevent these possible null-pointer dereferences, copy to_h_msg,\nusr_msg_id, and to_h_blks from iter into temporary variables, and return\nthese temporary variables to the application instead of accessing them\nthrough a potentially NULL entry."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T17:13:50.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8c18403e54fcfb22"
},
{
"url": "https://git.kernel.org/stable/c/ece3722169ba93734bfd1f06255e8ab7f19fe964"
},
{
"url": "https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb"
},
{
"url": "https://git.kernel.org/stable/c/3842f93e6e29d5cc1dcb9e5bda70587b444bed69"
},
{
"url": "https://git.kernel.org/stable/c/20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd"
},
{
"url": "https://git.kernel.org/stable/c/ba75ecb97d3f4e95d59002c13afb6519205be6cb"
}
],
"title": "misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71291",
"datePublished": "2026-05-06T11:32:23.223Z",
"dateReserved": "2026-05-06T11:31:45.509Z",
"dateUpdated": "2026-05-07T17:13:50.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-71291",
"date": "2026-05-10",
"epss": "0.00024",
"percentile": "0.0704"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-71291\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-06T12:16:28.330\",\"lastModified\":\"2026-05-06T13:07:51.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmisc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()\\n\\nIn the function bcm_vk_read(), the pointer entry is checked, indicating\\nthat it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the\\nfollowing code may cause null-pointer dereferences:\\n\\n struct vk_msg_blk tmp_msg = entry-\u003eto_h_msg[0];\\n set_msg_id(\u0026tmp_msg, entry-\u003eusr_msg_id);\\n tmp_msg.size = entry-\u003eto_h_blks - 1;\\n\\nTo prevent these possible null-pointer dereferences, copy to_h_msg,\\nusr_msg_id, and to_h_blks from iter into temporary variables, and return\\nthese temporary variables to the application instead of accessing them\\nthrough a potentially NULL entry.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3842f93e6e29d5cc1dcb9e5bda70587b444bed69\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/741c5a3a0cd893a4218fc0fc8c18403e54fcfb22\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ba75ecb97d3f4e95d59002c13afb6519205be6cb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ece3722169ba93734bfd1f06255e8ab7f19fe964\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…