DEBIAN-CVE-2025-21670

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-21670
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-21670.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-21670
Upstream
Published
2025-01-31T12:15:28Z
Modified
2025-09-25T04:30:05.823152Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace: BUG: kernel NULL pointer dereference, address: 00000000000000a0 #PF: supervisor read access in kernel mode #PF: errorcode(0x0000) - not-present page PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+ RIP: 0010:vsockconnectiblehasdata+0x1f/0x40 Call Trace: vsockbpfrecvmsg+0xca/0x5e0 sockrecvmsg+0xb9/0xc0 _sysrecvfrom+0xb3/0x130 _x64sysrecvfrom+0x20/0x30 dosyscall64+0x93/0x180 entrySYSCALL64afterhwframe+0x76/0x7e So we need to check the vsk->transport in vsockbpfrecvmsg(), especially for connected sockets (stream/seqpacket) as we already do in _vsockconnectible_recvmsg().

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.11-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.11-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}