CVE-2025-21670: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21670 is a vulnerability in the Linux kernel affecting the vsock/bpf subsystem, discovered in January 2025. The issue occurs when core functions are called without a properly assigned transport, specifically after a failed connection attempt. This vulnerability affects Linux kernel versions from 6.4 through 6.13-rc7 (NVD).

The vulnerability is a NULL pointer dereference in the vsock/bpf subsystem of the Linux kernel. It occurs when certain core functions are called without checking if the transport has been assigned, particularly after a failed connect() operation. The issue manifests in the vsockbpfrecvmsg() function, where vsk->transport might be NULL, leading to a kernel NULL pointer dereference at address 0x00000000000000a0. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-476 (NULL Pointer Dereference) (NVD, Kernel Patch).

When exploited, this vulnerability can cause a kernel crash through a NULL pointer dereference, leading to a denial of service condition. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that adds an early return check if the transport is not assigned in the vsockbpfrecvmsg() function. The fix has been implemented across multiple kernel versions through backporting. Users are advised to update to patched kernel versions (Kernel Patch).