CVE-2025-21998

Sažetak

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

Reference

https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a
https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a
https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

07-04-2025 - 14:18

Objavljeno

03-04-2025 - 08:15