CVE-2025-21844

MEDIUM

Linux Kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference.

References (10)

Core 10

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Patch

https://git.kernel.org/stable/c/f277e479eea3d1aa18bc712abe1d2bf3dece2e30

Patch

https://git.kernel.org/stable/c/f618aeb6cad2307e48a641379db610abcf593edf

Patch

https://git.kernel.org/stable/c/24e8e4523d3071bc5143b0db9127d511489f7b3b

Patch

https://git.kernel.org/stable/c/9e5d99a4cf2e23c716b44862975548415fae5391

Patch

https://git.kernel.org/stable/c/a9b0b4b29877cb4dc5d0842b59b5ccbacddb85bd

Patch

https://git.kernel.org/stable/c/554736b583f529ee159aa95af9a0cbc12b5ffc96

Patch

https://git.kernel.org/stable/c/860ca5e50f73c2a1cef7eefc9d39d04e275417f7

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (29)

linux/Kernel < 5.10.235linux

linux/Kernel 5.11.0 - 5.15.179linux

linux/Kernel 5.16.0 - 6.1.130linux

linux/Kernel 6.2.0 - 6.6.80linux

linux/Kernel 6.7.0 - 6.13.5linux

Linux/Linux < 6.7

Linux/Linux 5.10.211 - 5.10.235

Linux/Linux 5.10.235 - 5.10.*

Linux/Linux 5.15.150 - 5.15.179

Linux/Linux 5.15.179 - 5.15.*

... and 19 more

Published Mar 12, 2025

Tracked Since Feb 18, 2026