#VU105664 NULL pointer dereference in Linux kernel - CVE-2025-21852
Vulnerability identifier: #VU105664
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16
External links
https://git.kernel.org/stable/c/4dba79c1e7aad6620bbb707b6c4459380fd90860
https://git.kernel.org/stable/c/5da7e15fb5a12e78de974d8908f348e279922ce9
https://git.kernel.org/stable/c/f579afacd0a66971fc8481f30d2d377e230a8342
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
