Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.16, < 6.1.130 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1358d8e07afdf21d49ca6f00c56048442977e00aPatch
- https://git.kernel.org/stable/c/29ccb1e4040da6ff02b7e64efaa2f8e6bf06020dPatch
- https://git.kernel.org/stable/c/878e7b11736e062514e58f3b445ff343e6705537Patch
- https://git.kernel.org/stable/c/897c32cd763fd11d0b6ed024c52f44d2475bb820Patch
- https://git.kernel.org/stable/c/924b239f9704566e0d86abd894d2d64bd73c11ebPatch
- https://git.kernel.org/stable/c/bd97f60750bb581f07051f98e31dfda59d3a783bPatch
- https://git.kernel.org/stable/c/d64c6ca420019712e194fe095b55f87363e22a9aPatch
- https://git.kernel.org/stable/c/e976ea6c5e1b005c64467cbf94a8577aae9c7d81Patch
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
FAQ
What is CVE-2025-21848?
CVE-2025-21848 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc(...
How severe is CVE-2025-21848?
CVE-2025-21848 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21848?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.