#VU107720 NULL pointer dereference in Linux kernel - CVE-2025-22033
Vulnerability identifier: #VU107720
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.13.9, 6.13.10
External links
https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08
https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990
https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac
https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9
https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074
https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
