Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

INFO

Published Date :

2025-04-03T07:19:02.272Z

Last Modified :

2025-10-01T17:11:00.349Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21998 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21998.

URL Resource
https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a cve-icon cve-icon
https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a cve-icon cve-icon
https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025040348-CVE-2025-21998-b57d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21998 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21998 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact