{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-21666", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.733Z", "datePublished": "2025-01-31T11:25:31.138Z", "dateUpdated": "2026-05-12T12:03:08.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:04:05.814Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "daeac89cdb03d30028186f5ff7dc26ec8fa843e7", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "b52e50dd4fabd12944172bd486a4f4853b7f74dd", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "bc9c49341f9728c31fe248c5fbba32d2e81a092b", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "c23d1d4f8efefb72258e9cedce29de10d057f8ca", "status": "affected", "versionType": "git"}, {"version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "91751e248256efc111e52e15115840c35d85abaf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.234", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.177", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.127", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.74", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.11", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.234"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.177"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.1.127"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.6.74"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.12.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"}, {"url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"}, {"url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"}, {"url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"}, {"url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"}, {"url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"}], "title": "vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21666", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:52:24.276957Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:57:12.729Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:58:44.611Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T12:03:08.150Z"}, "affected": [{"vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:58:44.611Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-21666", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:52:24.276957Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T15:58:19.420Z"}}], "cna": {"title": "vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "daeac89cdb03d30028186f5ff7dc26ec8fa843e7", "versionType": "git"}, {"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e", "versionType": "git"}, {"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "b52e50dd4fabd12944172bd486a4f4853b7f74dd", "versionType": "git"}, {"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "bc9c49341f9728c31fe248c5fbba32d2e81a092b", "versionType": "git"}, {"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "c23d1d4f8efefb72258e9cedce29de10d057f8ca", "versionType": "git"}, {"status": "affected", "version": "c0cfa2d8a788fcf45df5bf4070ab2474c88d543a", "lessThan": "91751e248256efc111e52e15115840c35d85abaf", "versionType": "git"}], "programFiles": ["net/vmw_vsock/af_vsock.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.234", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.177", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.127", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.74", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.11", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/vmw_vsock/af_vsock.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"}, {"url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"}, {"url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"}, {"url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"}, {"url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"}, {"url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.234", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.177", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.127", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.74", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.11", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.13", "versionStartIncluding": "5.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:04:05.814Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21666", "state": "PUBLISHED", "dateUpdated": "2026-05-11T21:04:05.814Z", "dateReserved": "2024-12-29T08:45:45.733Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-01-31T11:25:31.138Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CB4FBE-68EB-481B-BDFC-B74722F3A409", "versionEndExcluding": "5.15.177", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3538C88-E91E-4A62-8415-2EA2F03EAAE3", "versionEndExcluding": "6.1.127", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "38B2F4A9-C656-4A97-8718-D27E6BDFD82A", "versionEndExcluding": "6.6.74", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7D0DBC3-F63C-4396-8A47-6F3D4FA0556E", "versionEndExcluding": "6.12.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*", "matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: previene null-ptr-deref en vsock_*[has_data|has_space] Informes recientes han mostrado c\u00f3mo a veces llamamos a vsock_*_has_data() cuando un socket vsock ha sido desasignado de un transporte (ver enlaces adjuntos), pero no deber\u00edamos. Las confirmaciones anteriores deber\u00edan haber resuelto los problemas reales, pero es posible que tengamos m\u00e1s en el futuro, por lo que para evitar null-ptr-deref, podemos devolver 0 (sin espacio, sin datos disponibles) pero con una advertencia. De esta manera, el c\u00f3digo deber\u00eda continuar ejecut\u00e1ndose en un estado casi consistente y tener una advertencia que nos permita depurar problemas futuros."}], "id": "CVE-2025-21666", "lastModified": "2026-05-12T13:16:31.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-31T12:15:27.763", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]", "id": "2343173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343173"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems."], "name": "CVE-2025-21666", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21666\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21666\nhttps://lore.kernel.org/linux-cve-announce/2025013157-CVE-2025-21666-465a@gregkh/T"], "threat_severity": "Moderate"}

{}