What is the severity of CVE-2025-21998?

CVE-2025-21998 has a medium severity rating due to potential memory allocation issues in the Linux kernel.

How do I fix CVE-2025-21998?

To fix CVE-2025-21998, update your Linux kernel to the latest patched version that addresses this vulnerability.

What systems are affected by CVE-2025-21998?

CVE-2025-21998 affects certain versions of the Linux kernel using the TZ allocator for efivars registration.

Can CVE-2025-21998 lead to system instability?

Yes, CVE-2025-21998 can lead to system instability due to a potential race condition in memory pool allocation.

Is there a workaround for CVE-2025-21998?

There are no documented workarounds for CVE-2025-21998; the recommended action is to apply the kernel update.

Vulnerability/
CVE-2025-21998

medium

4.7

CWE

367 476

3/4/2025

10/4/2025

CVE-2025-21998: firmware: qcom: uefisecapp: fix efivars registration race

First published: Thu Apr 03 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=6.11<6.12.21
Linux Kernel	>=6.13<6.13.9
Linux Kernel	=6.14-rc1
Linux Kernel	=6.14-rc2
Linux Kernel	=6.14-rc3
Linux Kernel	=6.14-rc4
Linux Kernel	=6.14-rc5
Linux Kernel	=6.14-rc6
Linux Kernel	=6.14-rc7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21998?
CVE-2025-21998 has a medium severity rating due to potential memory allocation issues in the Linux kernel.
How do I fix CVE-2025-21998?
To fix CVE-2025-21998, update your Linux kernel to the latest patched version that addresses this vulnerability.
What systems are affected by CVE-2025-21998?
CVE-2025-21998 affects certain versions of the Linux kernel using the TZ allocator for efivars registration.
Can CVE-2025-21998 lead to system instability?
Yes, CVE-2025-21998 can lead to system instability due to a potential race condition in memory pool allocation.
Is there a workaround for CVE-2025-21998?
There are no documented workarounds for CVE-2025-21998; the recommended action is to apply the kernel update.

collector/mitre-cve
source/MITRE
agent/type
agent/references
agent/description
agent/title
agent/first-publish-date
agent/author
agent/source
agent/event
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/severity
agent/remedy
agent/tags
agent/softwarecombine
vendor/linux
canonical/linux kernel
version/linux kernel/6.11
version/linux kernel/6.13
version/linux kernel/6.14-rc1
version/linux kernel/6.14-rc2
version/linux kernel/6.14-rc3
version/linux kernel/6.14-rc4
version/linux kernel/6.14-rc5
version/linux kernel/6.14-rc6
version/linux kernel/6.14-rc7

CVE-2025-21998: firmware: qcom: uefisecapp: fix efivars registration race

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21998?

How do I fix CVE-2025-21998?

What systems are affected by CVE-2025-21998?

Can CVE-2025-21998 lead to system instability?

Is there a workaround for CVE-2025-21998?

Company

Resources

Contact