What is the severity of CVE-2025-22054?

CVE-2025-22054 is categorized as a high severity vulnerability due to its potential to cause a NULL pointer dereference in the Linux kernel.

How do I fix CVE-2025-22054?

To fix CVE-2025-22054, update your Linux kernel to the latest version that contains the patch addressing this vulnerability.

Which versions of the Linux Kernel are affected by CVE-2025-22054?

CVE-2025-22054 affects Linux kernel versions between 4.19.302 and 4.20, 5.4.264 and 5.4.292, 5.10.204 and 5.10.236, 5.15.143 and 5.15.180, 6.1.68 and 6.1.134, 6.6.7 and 6.6.87, 6.7 and 6.12.23, 6.13 and 6.13.11, and 6.14 and 6.14.2.

What components are impacted by CVE-2025-22054?

CVE-2025-22054 impacts the arcnet driver in the Linux kernel.

Is CVE-2025-22054 remote exploitable?

CVE-2025-22054 is not considered remote exploitable as it requires local access to the affected system.

Vulnerability/
CVE-2025-22054

medium

5.5

CWE

476

16/4/2025

29/4/2025

CVE-2025-22054: arcnet: Add NULL check in com20020pci_probe()

First published: Wed Apr 16 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, com20020pci_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensure no resources are left allocated.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=4.19.302<4.20
Linux Kernel	>=5.4.264<5.4.292
Linux Kernel	>=5.10.204<5.10.236
Linux Kernel	>=5.15.143<5.15.180
Linux Kernel	>=6.1.68<6.1.134
Linux Kernel	>=6.6.7<6.6.87
Linux Kernel	>=6.7<6.12.23
Linux Kernel	>=6.13<6.13.11
Linux Kernel	>=6.14<6.14.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-22054?
CVE-2025-22054 is categorized as a high severity vulnerability due to its potential to cause a NULL pointer dereference in the Linux kernel.
How do I fix CVE-2025-22054?
To fix CVE-2025-22054, update your Linux kernel to the latest version that contains the patch addressing this vulnerability.
Which versions of the Linux Kernel are affected by CVE-2025-22054?
CVE-2025-22054 affects Linux kernel versions between 4.19.302 and 4.20, 5.4.264 and 5.4.292, 5.10.204 and 5.10.236, 5.15.143 and 5.15.180, 6.1.68 and 6.1.134, 6.6.7 and 6.6.87, 6.7 and 6.12.23, 6.13 and 6.13.11, and 6.14 and 6.14.2.
What components are impacted by CVE-2025-22054?
CVE-2025-22054 impacts the arcnet driver in the Linux kernel.
Is CVE-2025-22054 remote exploitable?
CVE-2025-22054 is not considered remote exploitable as it requires local access to the affected system.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/source
agent/author
agent/event
collector/nvd-api
source/NVD
agent/remedy
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/4.19.302
version/linux kernel/5.4.264
version/linux kernel/5.10.204
version/linux kernel/5.15.143
version/linux kernel/6.1.68
version/linux kernel/6.6.7
version/linux kernel/6.7
version/linux kernel/6.13
version/linux kernel/6.14

Frequently Asked Questions

What is the severity of CVE-2025-22054?
CVE-2025-22054 is categorized as a high severity vulnerability due to its potential to cause a NULL pointer dereference in the Linux kernel.
How do I fix CVE-2025-22054?
To fix CVE-2025-22054, update your Linux kernel to the latest version that contains the patch addressing this vulnerability.
Which versions of the Linux Kernel are affected by CVE-2025-22054?
CVE-2025-22054 affects Linux kernel versions between 4.19.302 and 4.20, 5.4.264 and 5.4.292, 5.10.204 and 5.10.236, 5.15.143 and 5.15.180, 6.1.68 and 6.1.134, 6.6.7 and 6.6.87, 6.7 and 6.12.23, 6.13 and 6.13.11, and 6.14 and 6.14.2.
What components are impacted by CVE-2025-22054?
CVE-2025-22054 impacts the arcnet driver in the Linux kernel.
Is CVE-2025-22054 remote exploitable?
CVE-2025-22054 is not considered remote exploitable as it requires local access to the affected system.

CVE-2025-22054: arcnet: Add NULL check in com20020pci_probe()

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-22054?

How do I fix CVE-2025-22054?

Which versions of the Linux Kernel are affected by CVE-2025-22054?

What components are impacted by CVE-2025-22054?

Is CVE-2025-22054 remote exploitable?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2025-22054?

How do I fix CVE-2025-22054?

Which versions of the Linux Kernel are affected by CVE-2025-22054?

What components are impacted by CVE-2025-22054?

Is CVE-2025-22054 remote exploitable?