CVE-2025-21755 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2025-02-27

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-5158	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2025-21755-5887@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-21755
https://www.cve.org/CVERecord?id=CVE-2025-21755

History

Wed, 18 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `None`

Thu, 27 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8 https://git.kernel.org/stable/c/631e00fdac7acca676103d6cbc96eb152625f449 https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a https://git.kernel.org/stable/c/bab61f41c942a20ef7b4feea50e9d36d19ad1a26 https://git.kernel.org/stable/c/c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3 https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b

Thu, 27 Mar 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: vsock: Orphan socket after transport release During socket release, sock_orphan() is called without considering that it sets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a null pointer dereferenced in virtio_transport_wait_close(). Orphan the socket only after transport release. Partially reverts the 'Fixes:' commit. KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] lock_acquire+0x19e/0x500 _raw_spin_lock_irqsave+0x47/0x70 add_wait_queue+0x46/0x230 virtio_transport_release+0x4e7/0x7f0 __vsock_release+0xfd/0x490 vsock_release+0x90/0x120 __sock_release+0xa3/0x250 sock_close+0x14/0x20 __fput+0x35e/0xa90 __x64_sys_close+0x78/0xd0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	vsock: Orphan socket after transport release	kernel: vsock: Orphan socket after transport release

Thu, 13 Mar 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/631e00fdac7acca676103d6cbc96eb152625f449 https://git.kernel.org/stable/c/bab61f41c942a20ef7b4feea50e9d36d19ad1a26 https://git.kernel.org/stable/c/c6acb650a73d5705a93b9c5a2cd5e9c8161f0be3

Wed, 05 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 28 Feb 2025 02:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2025-21755-5887@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-21755 https://www.cve.org/CVERecord?id=CVE-2025-21755
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 27 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: vsock: Orphan socket after transport release During socket release, sock_orphan() is called without considering that it sets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a null pointer dereferenced in virtio_transport_wait_close(). Orphan the socket only after transport release. Partially reverts the 'Fixes:' commit. KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] lock_acquire+0x19e/0x500 _raw_spin_lock_irqsave+0x47/0x70 add_wait_queue+0x46/0x230 virtio_transport_release+0x4e7/0x7f0 __vsock_release+0xfd/0x490 vsock_release+0x90/0x120 __sock_release+0xa3/0x250 sock_close+0x14/0x20 __fput+0x35e/0xa90 __x64_sys_close+0x78/0xd0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
Title		vsock: Orphan socket after transport release
References		https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8 https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-02-27T02:18:11.055Z

Updated: 2025-03-27T13:48:12.158Z

Reserved: 2024-12-29T08:45:45.760Z

Link: CVE-2025-21755

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-02-27T03:15:16.150

Modified: 2025-03-27T14:15:42.423

Link: CVE-2025-21755

Redhat

Severity :

Publid Date: 2025-02-27T00:00:00Z

Links: CVE-2025-21755 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object