CVE-2025-22092

MEDIUM EPSS 5.9%
Published Apr 16, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 16, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when pci_setup_device() fails. Add pci_iov_scan_device(), which handles virtfn allocation and setup and cleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need to call pci_stop_and_remove_bus_device(). This prevents accessing partially initialized virtfn devices during removal. BUG: kernel NULL pointer dereference, address: 00000000000000d0 RIP: 0010:device_del+0x3d/0x3d0 Call Trace: pci_remove_bus_device+0x7c/0x100 pci_iov_add_virtfn+0xfa/0x200 sriov_enable+0x208/0x420 mlx5_core_sriov_configure+0x6a/0x160 [mlx5_core] sriov_numvfs_store+0xae/0x1a0 [bhelgaas: commit log, return ERR_PTR(-ENOMEM) directly]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.13  –  <6.13.11
linuxlinux_kernel*≥6.14  –  <6.14.2

References 3

  • git.kernel.org https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf
    Patch