Main Vulnerability Database SB2025040266

SB2025040266 - NULL pointer dereference in Linux kernel microsoft mana driver

Published: April 2, 2025 Updated: May 11, 2025

Security Bulletin ID SB2025040266

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-21953)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mana_cleanup_port_context(), mana_destroy_eq(), mana_destroy_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c, within the debugfs_remove_recursive(), mana_gd_remove(), mana_gd_shutdown(), mana_driver_init() and mana_driver_exit() functions in drivers/net/ethernet/microsoft/mana/gdma_main.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

SB2025040266 - NULL pointer dereference in Linux kernel microsoft mana driver

Breakdown by Severity

Description

Remediation

References

Please verify you're human