SB2025040260 - NULL pointer dereference in Linux kernel hid driver
Published: April 2, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025040260
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-21948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the appleir_raw_event() function in drivers/hid/hid-appleir.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0df1ac8ee417ad76760ff076faa4518a4d861894
- https://git.kernel.org/stable/c/2ff5baa9b5275e3acafdf7f2089f74cccb2f38d1
- https://git.kernel.org/stable/c/68cdf6710f228dfd74f66ec61fbe636da2646a73
- https://git.kernel.org/stable/c/6db423b00940b05df2a1265d3c7eabafe9f1734c
- https://git.kernel.org/stable/c/8d39eb8c5e14f2f0f441eed832ef8a7b654e6fee
- https://git.kernel.org/stable/c/b1d95d733cd6e74f595653daddcfc357bea461e8
- https://git.kernel.org/stable/c/d335fce8b88b2353f4bb20c631698e20384e3610
- https://git.kernel.org/stable/c/fc69e2c3219d433caabba4b5d6371ba726a4b37f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83