CVE-2025-21998

Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access.

Make sure that all resources have been set up before registering the efivars.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6612103ec35af6058bb85ab24dae28e119b3c055

Fixed

c4e37b381a7a243c298a4858fc0a5a74e737c79a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6612103ec35af6058bb85ab24dae28e119b3c055

Fixed

f15a2b96a0e41c426c63a932d0e63cde7b9784aa

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6612103ec35af6058bb85ab24dae28e119b3c055

Fixed

da8d493a80993972c427002684d0742560f3be4a

Affected versions

v6.*

v6.10

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.13.6

v6.13.7

v6.13.8

v6.14-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c",
            "function": "qcom_uefisecapp_probe"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da8d493a80993972c427002684d0742560f3be4a",
        "digest": {
            "length": 746.0,
            "function_hash": "50579163368325629018624999214533123964"
        },
        "id": "CVE-2025-21998-51531d78"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da8d493a80993972c427002684d0742560f3be4a",
        "digest": {
            "line_hashes": [
                "68685052580535303013245166863382880618",
                "7695740514274803738701958330388659148",
                "67368391200645627681768190516043551261",
                "130210703817765807752619397273156269814",
                "115216389724655089255819683823709185243",
                "264250308276947122833812134331961752523",
                "141146409717502050912267562434230297048",
                "312107096958154269729934347569110565839",
                "259034563941982159081174234722899627234",
                "182707316803586265554964075701334511595",
                "245377583533876294548282551995464630383",
                "324577335403186152250457176208172842993",
                "185234842229038827213631643053783480054"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-21998-e18bef8b"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.12.21

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.9