CVE-2025-21918
usb: typec: ucsi: Fix NULL pointer access
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
01 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix NULL pointer access
Resources should be released only after all threads that utilize them
have been destroyed.
This commit ensures that resources are not released prematurely by waiting
for the associated workqueue to complete before deallocating them.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/079a3e52f3e751bb8f5937195bdf25c5d14fdff0https://git.kernel.org/stable/c/46fba7be161bb89068958138ea64ec33c0b446d4https://git.kernel.org/stable/c/592a0327d026a122e97e8e8bb7c60cbbe7697344https://git.kernel.org/stable/c/7a735a8a46f6ebf898bbefd96659ca5da798bce0https://git.kernel.org/stable/c/b13abcb7ddd8d38de769486db5bd917537b32ab1https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html