#VU107715 NULL pointer dereference in Linux kernel - CVE-2025-22065
Vulnerability identifier: #VU107715
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_shutdown() function in drivers/net/ethernet/intel/idpf/idpf_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.14, 6.14.1
External links
https://git.kernel.org/stable/c/4c9106f4906a85f6b13542d862e423bcdc118cc3
https://git.kernel.org/stable/c/79618e952ef4dfa1a17ee0631d5549603fab58d8
https://git.kernel.org/stable/c/88a6d562e92a295648f8636acf2a6aa714241771
https://git.kernel.org/stable/c/9fc9b3dc0d0c189ed205acf1e5fbd73e0becc4d6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
