CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

Description

In the Linux kernel, the following vulnerability has been resolved:

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

Add check for the return value of nfp_app_ctrl_msg_alloc() in
nfp_bpf_cmsg_alloc() to prevent null pointer dereference.

Classification

CVE ID: CVE-2025-21848

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.11% (scored less or equal to compared to others)

EPSS Date: 2025-04-10 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21848
https://git.kernel.org/stable/c/1358d8e07afdf21d49ca6f00c56048442977e00a
https://git.kernel.org/stable/c/29ccb1e4040da6ff02b7e64efaa2f8e6bf06020d
https://git.kernel.org/stable/c/897c32cd763fd11d0b6ed024c52f44d2475bb820
https://git.kernel.org/stable/c/bd97f60750bb581f07051f98e31dfda59d3a783b
https://git.kernel.org/stable/c/878e7b11736e062514e58f3b445ff343e6705537

Timeline