CVE-2025-21773

Published: Feb 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device identity providing a NULL USB serial number. That would trigger a NULL pointer dereference. Add a check on es58x_dev->udev->serial before accessing it.

Vendor	Product	Versions
Linux	Linux	affected `9f06631c3f1f0f298536443df85a6837ba4c5f5c - < 1590667a60753ee5a54871f2840ceefd4a7831fa` affected `9f06631c3f1f0f298536443df85a6837ba4c5f5c - < 722e8e1219c8b6ac2865011fe339315d6a8d0721` affected `9f06631c3f1f0f298536443df85a6837ba4c5f5c - < 5059ea98d7bc133903d3e47ab36df6ed11d0c95f` affected `9f06631c3f1f0f298536443df85a6837ba4c5f5c - < a1ad2109ce41c9e3912dadd07ad8a9c640064ffb`
Linux	Linux	affected `6.2` unaffected `0 - < 6.2` unaffected `6.6.79 - <= 6.6.` unaffected `6.12.16 - <= 6.12.` unaffected `6.13.4 - <= 6.13.*` +1 more versions

References

https://git.kernel.org/stable/c/1590667a60753ee5a54871f2840ceefd4a7831fa

https://git.kernel.org/stable/c/722e8e1219c8b6ac2865011fe339315d6a8d0721

https://git.kernel.org/stable/c/5059ea98d7bc133903d3e47ab36df6ed11d0c95f

https://git.kernel.org/stable/c/a1ad2109ce41c9e3912dadd07ad8a9c640064ffb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21773

Description

Affected Products

References