github - ghsa-82w6-hjxq-qjm2

ghsa-82w6-hjxq-qjm2

Vulnerability from github

Published

2025-02-27 21:32

Modified

2025-03-05 15:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

firewire: test: Fix potential null dereference in firewire kunit test

kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-21798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T20:16:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: test: Fix potential null dereference in firewire kunit test\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd a NULL check for test_state.",
  "id": "GHSA-82w6-hjxq-qjm2",
  "modified": "2025-03-05T15:30:51Z",
  "published": "2025-02-27T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21798"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/352fafe97784e81a10a7c74bd508f71a19b53c2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70fcb25472d90dd3b87cbee74b9eb68670b0c7b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6896bf4c611c3dd126f3e03685f2360a18b3d6f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-21798 (GCVE-0-2025-21798)

Vulnerability from cvelistv5

Published

2025-02-27 20:00

Modified

2025-10-01 19:36

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: firewire: test: Fix potential null dereference in firewire kunit test kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state.

References

URL

Tags

	https://git.kernel.org/stable/c/c6896bf4c611c3dd126f3e03685f2360a18b3d6f
	https://git.kernel.org/stable/c/70fcb25472d90dd3b87cbee74b9eb68670b0c7b8
	https://git.kernel.org/stable/c/352fafe97784e81a10a7c74bd508f71a19b53c2a

Impacted products

Vendor

Product

Version

Version: 1c8506d62624fbc57db75414a387f365da8422e9
Version: 1c8506d62624fbc57db75414a387f365da8422e9
Version: 1c8506d62624fbc57db75414a387f365da8422e9

Version: 6.8

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:28:45.431282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:36:38.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/device-attribute-test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c6896bf4c611c3dd126f3e03685f2360a18b3d6f",
              "status": "affected",
              "version": "1c8506d62624fbc57db75414a387f365da8422e9",
              "versionType": "git"
            },
            {
              "lessThan": "70fcb25472d90dd3b87cbee74b9eb68670b0c7b8",
              "status": "affected",
              "version": "1c8506d62624fbc57db75414a387f365da8422e9",
              "versionType": "git"
            },
            {
              "lessThan": "352fafe97784e81a10a7c74bd508f71a19b53c2a",
              "status": "affected",
              "version": "1c8506d62624fbc57db75414a387f365da8422e9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/device-attribute-test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: test: Fix potential null dereference in firewire kunit test\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd a NULL check for test_state."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:21:27.515Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c6896bf4c611c3dd126f3e03685f2360a18b3d6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/70fcb25472d90dd3b87cbee74b9eb68670b0c7b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/352fafe97784e81a10a7c74bd508f71a19b53c2a"
        }
      ],
      "title": "firewire: test: Fix potential null dereference in firewire kunit test",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21798",
    "datePublished": "2025-02-27T20:00:53.557Z",
    "dateReserved": "2024-12-29T08:45:45.770Z",
    "dateUpdated": "2025-10-01T19:36:38.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.