CVE-2025-22078

medium

Description

In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_arm: Fix possible NPR of keep-alive thread In case vchiq_platform_conn_state_changed() is never called or fails before driver removal, ka_thread won't be a valid pointer to a task_struct. So do the necessary checks before calling kthread_stop to avoid a crash.

References

https://git.kernel.org/stable/c/bd38395b901327f77a82112f006240de22cf2ceb

https://git.kernel.org/stable/c/a915c896f95a989a7759a73f8c064f5dc3775175

https://git.kernel.org/stable/c/3db89bc6d973e2bcaa852f6409c98c228f39a926

https://git.kernel.org/stable/c/1817c4b85011998604e5ff9a80a6e01adb7e7e81

Details

Source: Mitre, NVD

Published: 2025-04-16

Updated: 2025-04-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018