NULL pointer dereference in Linux kernel - CVE-2025-21937
Published: April 2, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU106709
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21937
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-21937
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/37785a01040cb5d11ed0ddbcbf78491fcd073161
- https://git.kernel.org/stable/c/69fb168b88e4d62cb31cdd725b67ccc5216cfcaf
- https://git.kernel.org/stable/c/88310caff68ae69d0574859f7926a59c1da2d60b
- https://git.kernel.org/stable/c/c5845c73cbacf5704169283ef29ca02031a36564
- https://git.kernel.org/stable/c/f2176a07e7b19f73e05c805cf3d130a2999154cb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83