{"uuid": "dbf0be37-e65f-4c04-bb30-7f13bd854a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21670", "type": "seen", "source": "https://t.me/cvedetector/16942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21670 - \"Linux Kernel Vsock Transport NULL Pointer Dereference Vulnerability in BPF\"\", \n  \"Content\": \"CVE ID : CVE-2025-21670 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nvsock/bpf: return early if transport is not assigned  \n  \nSome of the core functions can only be called if the transport  \nhas been assigned.  \n  \nAs Michal reported, a socket might have the transport at NULL,  \nfor example after a failed connect(), causing the following trace:  \n  \n    BUG: kernel NULL pointer dereference, address: 00000000000000a0  \n    #PF: supervisor read access in kernel mode  \n    #PF: error_code(0x0000) - not-present page  \n    PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0  \n    Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI  \n    CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+  \n    RIP: 0010:vsock_connectible_has_data+0x1f/0x40  \n    Call Trace:  \n     vsock_bpf_recvmsg+0xca/0x5e0  \n     sock_recvmsg+0xb9/0xc0  \n     __sys_recvfrom+0xb3/0x130  \n     __x64_sys_recvfrom+0x20/0x30  \n     do_syscall_64+0x93/0x180  \n     entry_SYSCALL_64_after_hwframe+0x76/0x7e  \n  \nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(),  \nespecially for connected sockets (stream/seqpacket) as we already  \ndo in __vsock_connectible_recvmsg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:40.000000Z"}