SB20250422102 - NULL pointer dereference in Linux kernel gpib ni_usb driver
Published: April 22, 2025 Updated: May 10, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-22052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ni_usb_read(), ni_usb_write(), ni_usb_command_chunk(), ni_usb_take_control(), ni_usb_go_to_standby(), ni_usb_request_system_control(), ni_usb_interface_clear(), ni_usb_remote_enable(), ni_usb_update_status(), ni_usb_primary_address(), ni_usb_secondary_address(), ni_usb_parallel_poll(), ni_usb_parallel_poll_configure(), ni_usb_parallel_poll_response(), ni_usb_serial_poll_response(), ni_usb_return_to_local(), ni_usb_line_status() and ni_usb_t1_delay() functions in drivers/staging/gpib/ni_usb/ni_usb_gpib.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.