CVE-2025-21998

Published: Apr 3, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

Vendor	Product	Versions
Linux	Linux	affected `6612103ec35af6058bb85ab24dae28e119b3c055 - < c4e37b381a7a243c298a4858fc0a5a74e737c79a` affected `6612103ec35af6058bb85ab24dae28e119b3c055 - < f15a2b96a0e41c426c63a932d0e63cde7b9784aa` affected `6612103ec35af6058bb85ab24dae28e119b3c055 - < da8d493a80993972c427002684d0742560f3be4a`
Linux	Linux	affected `6.11` unaffected `0 - < 6.11` unaffected `6.12.21 - <= 6.12.` unaffected `6.13.9 - <= 6.13.` unaffected `6.14 - <= *`

References

https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a

https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa

https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21998

Description

Affected Products

References