Executive Summary

Information
Name: CVE-2025-22092
Vendor: Cve
First vendor publication: 2025-04-16
Last vendor modification: 2025-04-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix NULL dereference in SR-IOV VF creation error path

Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when pci_setup_device() fails.

Add pci_iov_scan_device(), which handles virtfn allocation and setup and cleans up if pci_setup_device() fails, so pci_iov_add_virtfn() doesn't need to call pci_stop_and_remove_bus_device(). This prevents accessing partially initialized virtfn devices during removal.

BUG: kernel NULL pointer dereference, address: 00000000000000d0
RIP: 0010:device_del+0x3d/0x3d0
Call Trace:
pci_remove_bus_device+0x7c/0x100
pci_iov_add_virtfn+0xfa/0x200
sriov_enable+0x208/0x420
mlx5_core_sriov_configure+0x6a/0x160 [mlx5_core]
sriov_numvfs_store+0xae/0x1a0

[bhelgaas: commit log, return ERR_PTR(-ENOMEM) directly]
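
The error-handling shape the commit message describes, as an added userspace C model (not the kernel patch and not code from this page): a scan helper allocates, runs setup, frees on failure and returns an ERR_PTR-style code, so the caller never has to remove a partially initialized device. All model_* names, the -EIO failure code and the live_devs counter are assumptions made for illustration.

```c
/* Userspace model; model_* names are hypothetical, macros mimic the kernel's. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((long)(intptr_t)(p))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-4095)
struct model_dev { int setup_done; int registered; };
static int live_devs;   /* allocated and not yet freed */

/* Stand-in for pci_setup_device(); fails on request. */
static int model_setup(struct model_dev *d, int fail)
{
    d->setup_done = !fail;
    return fail ? -EIO : 0;
}

/* Role the page gives pci_iov_scan_device(): allocate, set up, undo on failure. */
static struct model_dev *model_scan_device(int fail_setup)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    int rc;
    if (!d)
        return ERR_PTR(-ENOMEM);
    live_devs++;
    rc = model_setup(d, fail_setup);
    if (rc) {
        free(d);            /* nothing half-built escapes this function */
        live_devs--;
        return ERR_PTR(rc);
    }
    return d;
}

/* Caller only propagates the error; no remove path runs on a failed device. */
static int model_add_virtfn(int fail_setup, struct model_dev **out)
{
    struct model_dev *d = model_scan_device(fail_setup);
    if (IS_ERR(d))
        return (int)PTR_ERR(d);
    d->registered = 1;
    *out = d;
    return 0;
}

int main(void)
{
    struct model_dev *vf = NULL;
    return model_add_virtfn(1, &vf) == -EIO && !vf && !live_devs ? 0 : 1;
}
```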

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22092

Sources (Detail)

https://git.kernel.org/stable/c/04d50d953ab46d96b0b32d5ad955fceaa28622db
https://git.kernel.org/stable/c/c67a233834b778b8c78f8b62c072ccf87a9eb6d0
https://git.kernel.org/stable/c/ef421b4d206f0d3681804b8f94f06a8458a53aaf

Alert History

Date: 2025-05-27 02:55:27
Information: First insertion