CVE-2025-21918

5.5 MEDIUM

Published: April 01, 2025 Modified: November 03, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://git.kernel.org/stable/c/079a3e52f3e751bb8f5937195bdf25c5d14fdff0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/46fba7be161bb89068958138ea64ec33c0b446d4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/592a0327d026a122e97e8e8bb7c60cbbe7697344

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7a735a8a46f6ebf898bbefd96659ca5da798bce0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b13abcb7ddd8d38de769486db5bd917537b32ab1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Source: af854a3a-2127-422b-91ae-364da2661108

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.5 / 10.0

EPSS (Exploit Probability)

0.0%

10th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-476 CWE-476

Affected Vendors

linux

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A