CVE-2025-21848

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in
nfp_bpf_cmsg_alloc() to prevent null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-03-12 CVE Published
2025-03-13 CVE Updated
2025-03-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/ff3d43f7568c82b335d7df2d40a31447c3fce10c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d64c6ca420019712e194fe095b55f87363e22a9a	2025-03-13
https://git.kernel.org/stable/c/e976ea6c5e1b005c64467cbf94a8577aae9c7d81	2025-03-13
https://git.kernel.org/stable/c/924b239f9704566e0d86abd894d2d64bd73c11eb	2025-03-13
https://git.kernel.org/stable/c/1358d8e07afdf21d49ca6f00c56048442977e00a	2025-03-07
https://git.kernel.org/stable/c/29ccb1e4040da6ff02b7e64efaa2f8e6bf06020d	2025-02-27
https://git.kernel.org/stable/c/897c32cd763fd11d0b6ed024c52f44d2475bb820	2025-02-27
https://git.kernel.org/stable/c/bd97f60750bb581f07051f98e31dfda59d3a783b	2025-02-27
https://git.kernel.org/stable/c/878e7b11736e062514e58f3b445ff343e6705537	2025-02-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.4.291 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.291"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.179 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.179"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.1.130 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.130"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.6.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.12.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.12.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.13.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.13.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.14-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.14-rc4"		en		Affected