VDB
CISA-2023-53332
CISA-2023-53332
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published September 16, 2025
In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() If ipi_send_{mask|single}() is called with an invalid interrupt number, all the local variables there will be NULL. ipi_send_verify() which is invoked from these functions does verify its 'data' parameter, resulting in a kernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets dereferenced. Add a missing NULL pointer check in ipi_send_verify()... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b, 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b, 3b8e29a82dd16c1f2061e0b955a71cd36eeb061b |
| Linux | Linux | 4.6, 0, 6.1.18 |
| Linux | Linux | *, 4.6, 0 |
| linux | linux_kernel | 4.6, 4.6, 4.6 |
Timeline
- Sep 16, 2025 CVE Published
- Jan 14, 2026 CVE Updated