{"id":"CVE-2025-21666","summary":"vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn't.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.","modified":"2026-03-20T12:40:40.422401Z","published":"2025-01-31T11:25:31.138Z","related":["SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0564-1","SUSE-SU-2025:0847-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21666.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21666.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21666"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a"},{"fixed":"daeac89cdb03d30028186f5ff7dc26ec8fa843e7"},{"fixed":"9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e"},{"fixed":"b52e50dd4fabd12944172bd486a4f4853b7f74dd"},{"fixed":"bc9c49341f9728c31fe248c5fbba32d2e81a092b"},{"fixed":"c23d1d4f8efefb72258e9cedce29de10d057f8ca"},{"fixed":"91751e248256efc111e52e15115840c35d85abaf"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21666.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}