CVE-2025-21980

Description

In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows the error handling path, invoking gred_destroy. This, in turn, calls gred_offload, where memset could receive a NULL pointer as input, potentially leading to a kernel crash. When table->opt is NULL in gred_init(), gred_change_table_def() is not called yet, so it is not necessary to call ->ndo_setup_tc() in gred_offload().

Reserved 2024-12-29 | Published 2025-04-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

f25c0515c521375154c62c72447869f40218c861 before d02c9acd68950a444acda18d514e2b41f846cb7f
affected

f25c0515c521375154c62c72447869f40218c861 before 0f0a152957d64ce45b4c27c687e7d087e8f45079
affected

f25c0515c521375154c62c72447869f40218c861 before 68896dd50180b38ea552e49a6a00b685321e5769
affected

f25c0515c521375154c62c72447869f40218c861 before 5f996b4f80c2cef1f9c77275055e7fcba44c9199
affected

f25c0515c521375154c62c72447869f40218c861 before 115ef44a98220fddfab37a39a19370497cd718b9
affected

Default status
affected

5.16
affected

Any version before 5.16
unaffected

6.1.132
unaffected

6.6.84
unaffected

6.12.20
unaffected

6.13.8
unaffected

6.14
unaffected

References

git.kernel.org/...c/d02c9acd68950a444acda18d514e2b41f846cb7f

git.kernel.org/...c/0f0a152957d64ce45b4c27c687e7d087e8f45079

git.kernel.org/...c/68896dd50180b38ea552e49a6a00b685321e5769

git.kernel.org/...c/5f996b4f80c2cef1f9c77275055e7fcba44c9199

git.kernel.org/...c/115ef44a98220fddfab37a39a19370497cd718b9

cve.org (CVE-2025-21980)

nvd.nist.gov (CVE-2025-21980)

Download JSON