CVE-2025-22054

MEDIUM

Linux Kernel - NULL Pointer Dereference in com20020pci_probe()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.

References (11)

Core 11
Core References

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 7.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (35)
linux/Kernel < 5.4.292linux
linux/Kernel 5.11.0 - 5.15.180linux
linux/Kernel 5.16.0 - 6.1.134linux
linux/Kernel 5.5.0 - 5.10.236linux
linux/Kernel 6.13.0 - 6.14.2linux
linux/Kernel 6.2.0 - 6.6.87linux
linux/Kernel 6.7.0 - 6.13.11linux
Linux/Linux < 6.7
Linux/Linux 2e4ad90b15a7341c2d96d2dc6df6d135d72256b6
Linux/Linux 4.19.302 - 4.20
... and 25 more
Published Apr 16, 2025
Tracked Since Feb 18, 2026