DEBIAN-CVE-2025-21998

DEBIAN-CVE-2025-21998 PUBLISHED CVSS 4.699999809265137 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0
Debian:14	linux	0, 0

Timeline

Apr 3, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-21998 advisory

Open in Interactive Console →