CVE-2025-21998

medium

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

References

https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa

https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a

https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a

Details

Source: Mitre, NVD

Published: 2025-04-03

Updated: 2025-04-07

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium