CVE-2025-21998

MEDIUM 4.7

firmware: qcom: uefisecapp: fix efivars registration race

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Apr 3, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

6612103ec35af6058bb85ab24dae28e119b3c055 < c4e37b381a7a243c298a4858fc0a5a74e737c79a 6612103ec35af6058bb85ab24dae28e119b3c055 < f15a2b96a0e41c426c63a932d0e63cde7b9784aa 6612103ec35af6058bb85ab24dae28e119b3c055 < da8d493a80993972c427002684d0742560f3be4a

Linux / Linux

6.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a git.kernel.org: https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa git.kernel.org: https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a