In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa cve-icon cve-icon
https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4 cve-icon cve-icon
https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d cve-icon cve-icon
https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e cve-icon cve-icon
https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179 cve-icon cve-icon
https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3 cve-icon cve-icon
https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547 cve-icon cve-icon
https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2 cve-icon cve-icon
https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025041604-CVE-2025-22054-dc6c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-22054 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-22054 cve-icon
History

Tue, 29 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Sat, 19 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 16 Apr 2025 14:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.
Title arcnet: Add NULL check in com20020pci_probe()
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-04-16T14:12:11.849Z

Updated: 2025-04-16T14:12:11.849Z

Reserved: 2024-12-29T08:45:45.811Z

Link: CVE-2025-22054

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2025-04-16T15:15:58.877

Modified: 2025-04-29T18:50:38.753

Link: CVE-2025-22054

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-16T00:00:00Z

Links: CVE-2025-22054 - Bugzilla