CVE-2025-21918
Published: April 2, 2025Last modified: April 2, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.134-r0) |
| Stream | linux-lts | Fixed (6.6.83-r0) |
References
- https://git.kernel.org/stable/c/079a3e52f3e751bb8f5937195bdf25c5d14fdff0
- https://git.kernel.org/stable/c/46fba7be161bb89068958138ea64ec33c0b446d4
- https://git.kernel.org/stable/c/592a0327d026a122e97e8e8bb7c60cbbe7697344
- https://git.kernel.org/stable/c/7a735a8a46f6ebf898bbefd96659ca5da798bce0
- https://git.kernel.org/stable/c/b13abcb7ddd8d38de769486db5bd917537b32ab1