CVE-2025-21773

In the Linux kernel, the following vulnerability has been resolved:

can: etas_es58x: fix potential NULL pointer dereference on udev->serial

The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference.

Add a check on es58x_dev->udev->serial before accessing it.

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*

History

05 Mar 2025, 18:47

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix a potential NULL pointer dereference on udev->serial. The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity by providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it.
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/1590667a60753ee5a54871f2840ceefd4a7831fa - () https://git.kernel.org/stable/c/1590667a60753ee5a54871f2840ceefd4a7831fa - Patch
References () https://git.kernel.org/stable/c/5059ea98d7bc133903d3e47ab36df6ed11d0c95f - () https://git.kernel.org/stable/c/5059ea98d7bc133903d3e47ab36df6ed11d0c95f - Patch
References () https://git.kernel.org/stable/c/722e8e1219c8b6ac2865011fe339315d6a8d0721 - () https://git.kernel.org/stable/c/722e8e1219c8b6ac2865011fe339315d6a8d0721 - Patch
References () https://git.kernel.org/stable/c/a1ad2109ce41c9e3912dadd07ad8a9c640064ffb - () https://git.kernel.org/stable/c/a1ad2109ce41c9e3912dadd07ad8a9c640064ffb - Patch
CVSS (removed) v2 : unknown, v3 : unknown
(added) v2 : unknown, v3 : 5.5
CWE CWE-476

27 Feb 2025, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-27 03:15

Updated : 2025-03-05 18:47


NVD link : CVE-2025-21773

Mitre link : CVE-2025-21773

CVE.ORG link : CVE-2025-21773



Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference