CVE-2025-21773

5.5 MEDIUM

📋 TL;DR

This CVE is a NULL pointer dereference in the Linux kernel's etas_es58x driver, which supports ETAS ES58x USB CAN interfaces. The driver dereferenced the USB device's serial-number string (udev->serial) without checking it for NULL. Commercially available ES58x devices always present a serial, but a spoofed USB device that reports the ETAS vendor/product IDs with no serial-number string descriptor makes the driver dereference NULL, producing a kernel oops or panic. Impact is denial of service on any Linux system where the etas_es58x driver is loaded.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Any kernel that ships the etas_es58x driver without one of the fix commits listed under Official Fix
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only when the etas_es58x driver is loaded. Most distributions build it as a module that autoloads via modalias as soon as a USB device with a matching vendor/product ID is plugged in, so no manual configuration is needed for the vulnerable code to become reachable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel oops or panic leading to a system crash and denial of service, with loss of unsaved data and interruption of whatever CAN bus or other workload the host was running.

🟠

Likely Case

Local denial of service: the host crashes when a spoofed USB device presenting the ES58x IDs and no serial number is attached and handled by the driver.

🟢

If Mitigated

Minimal impact with proper USB device restrictions and driver patching.

🌐 Internet-Facing: LOW - Not reachable over the network; requires physically attaching (or emulating) a USB device.
🏢 Internal Only: MEDIUM - A malicious insider, or a compromised or counterfeit USB device in the supply chain, could trigger the crash.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: Not applicable (no credentials are involved; a physically attached or emulated USB device is required)
Complexity: LOW

Requires physical USB access or the ability to attach a spoofed USB device: any programmable USB gadget can present the ETAS vendor/product IDs while omitting the serial-number string descriptor. No authentication is needed once the device is connected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel releases containing the fix commit or one of its stable backports: 1590667a60753ee5a54871f2840ceefd4a7831fa, 5059ea98d7bc133903d3e47ab36df6ed11d0c95f, 722e8e1219c8b6ac2865011fe339315d6a8d0721, or a1ad2109ce41c9e3912dadd07ad8a9c640064ffb

Vendor Advisory: https://git.kernel.org/stable/c/1590667a60753ee5a54871f2840ceefd4a7831fa

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a release that contains one of the fix commits.
2. Reboot the system so the patched kernel is running.
3. Verify the running kernel contains the fix (see How to Verify below).

🔧 Temporary Workarounds

Disable etas_es58x driver

linux

Prevent loading of the vulnerable driver module. A blacklist entry only stops alias-based autoload when a device is plugged in; the install line additionally makes an explicit modprobe fail. rmmod refuses to unload the module while a device is attached, so unplug any ES58x device first.

printf 'blacklist etas_es58x\ninstall etas_es58x /bin/false\n' >> /etc/modprobe.d/blacklist.conf
rmmod etas_es58x

Restrict USB device access

linux

Use a udev rule to deauthorize ES58x devices at the USB layer. Two points matter here: a device that presents no serial string exposes no serial sysfs attribute to match on, so key the rule on the vendor and product IDs rather than on an empty serial; and MODE= only changes device-node permissions and does not stop the in-kernel driver from binding, so clear the device's authorized attribute instead, which unbinds every driver from it. udev acts after the kernel has enumerated the device, so the kernel-side authorized_default setting under "If You Can't Patch" is the stricter control.

echo 'ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="108c", ATTR{idProduct}=="0159|0163", ATTR{authorized}="0"' > /etc/udev/rules.d/99-block-es58x.rules
udevadm control --reload-rules

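The deauthorization step above, as an added script for this advisory (not code from the kernel project or the vendor). It walks sysfs, clears the kernel's per-device authorized attribute for every device carrying the vendor ID 108c and product IDs 0159/0163 listed on this page, and takes the sysfs root as a parameter so it can be exercised against a constructed tree before being run against the real /sys:

```shell
#!/bin/sh
# Added example for this advisory; not code from the kernel project or the
# page's vendor. Blocks ETAS ES58x devices at the USB core level by clearing
# the kernel's per-device "authorized" sysfs attribute, which unbinds any
# driver (etas_es58x included) from the device and refuses it until it is
# re-authorized. The sysfs root is a parameter so the function can be run
# against a constructed directory tree as well as the live /sys.
# Vendor ID 108c and product IDs 0159/0163 are the ones listed in this advisory.

ES58X_VENDOR="108c"
ES58X_PRODUCTS="0159 0163"

# is_es58x_product PID  -> exit 0 if PID is one of the ES58x product IDs
is_es58x_product() {
    for p in $ES58X_PRODUCTS; do
        if [ "$1" = "$p" ]; then
            return 0
        fi
    done
    return 1
}

# deauthorize_es58x [SYSFS_ROOT]
# Walks every USB device directory (entries with an idVendor attribute;
# interface entries such as 1-1:1.0 have none and are skipped), deauthorizes
# those matching the ES58x IDs, prints one line per device, and prints the
# number of deauthorized devices as the final line.
deauthorize_es58x() {
    root="${1:-/sys}"
    count=0
    for dev in "$root"/bus/usb/devices/*/; do
        dev="${dev%/}"
        [ -r "$dev/idVendor" ] || continue
        vid=$(cat "$dev/idVendor")
        pid=$(cat "$dev/idProduct")
        [ "$vid" = "$ES58X_VENDOR" ] || continue
        is_es58x_product "$pid" || continue
        # Writing 0 disconnects the device's interfaces and refuses re-enumeration
        echo 0 > "$dev/authorized"
        echo "deauthorized ${dev##*/} ($vid:$pid)"
        count=$((count + 1))
    done
    echo "$count"
}

# Usage as root on a live system:
#   deauthorize_es58x /sys
# The setting is per plugged-in device and is lost on re-plug, so pair it with
# a udev rule that applies it on every add event:
#   ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="108c", ATTR{authorized}="0"
# or refuse all new USB devices by default and authorize known ones by hand:
#   echo 0 > /sys/bus/usb/devices/usb1/authorized_default
```

Run it once against a scratch tree built under mktemp -d to confirm it touches only the ES58x entries, then source it and call deauthorize_es58x /sys as root on the affected host.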
🧯 If You Can't Patch

  • Implement strict physical security controls for USB ports
  • Use USB device allowlisting and disable automatic driver loading: boot with usbcore.authorized_default=0 (or write 0 to /sys/bus/usb/devices/usb*/authorized_default) so new USB devices are not probed by any driver until explicitly authorized

🔍 How to Verify

Check if Vulnerable:

Check whether the driver is present at all (it autoloads when a device with USB ID 108c:0159 or 108c:0163 is plugged in) and whether it is currently loaded: modinfo etas_es58x; lsmod | grep etas_es58x

Check Version:

uname -r

Verify Fix Applied:

Commit hashes are not recorded in an installed kernel, so check the distribution's kernel changelog for the CVE ID, e.g. on Debian/Ubuntu: apt changelog linux-image-$(uname -r) | grep CVE-2025-21773; on RHEL/Fedora: rpm -q --changelog kernel-core-$(uname -r) | grep CVE-2025-21773. Alternatively, compare uname -r against the stable release that contains the fix commit linked under Official Fix.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops/panic messages in /var/log/kern.log, journalctl -k, or dmesg
  • "BUG: kernel NULL pointer dereference" followed by a call trace containing [etas_es58x] frames
  • USB enumeration of an ETAS device that reports no serial string: a kernel line "New USB device found, idVendor=108c, ..." followed by "New USB device strings: ... SerialNumber=0" (genuine ES58x devices always carry a serial)

Network Indicators:

  • None; the flaw is not reachable over the network. Treat unexpected USB device-add events on servers as the host-level indicator instead.

SIEM Query:

source="kern.log" AND "NULL pointer dereference" AND "etas_es58x"

The oops header and the [etas_es58x] call-trace frame are logged on different lines, so a query requiring both strings in one event only works if the collector batches the whole oops into a single record; otherwise correlate the two within a few seconds on the same host.
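The same correlation as a host-side check, added here as an example and not part of the original advisory: it scans kernel log text and only alerts when a NULL pointer dereference header is followed within a short window by an [etas_es58x] call-trace frame, so oopses from other drivers do not fire. The sample log lines are constructed for the example; the es58x frame in them is illustrative, not a captured trace.

```shell
#!/bin/sh
# Added example, not from the advisory: detection logic for the oops signature
# in kernel logs. A NULL pointer dereference is attributed to this CVE only
# when an etas_es58x frame appears in the call trace that follows it, so a
# generic NULL dereference from another driver does not alert.

# detect_es58x_oops < kern.log
# Prints one ALERT line per matching oops, then the number of matches.
detect_es58x_oops() {
    awk '
        # Remember the oops header line and wait for the call trace
        /NULL pointer dereference/ { pending = NR; hdr = $0; next }
        # An etas_es58x frame within 40 lines of the header is a hit
        pending && (NR - pending) <= 40 && /\[etas_es58x\]/ {
            print "ALERT: etas_es58x NULL deref at line " pending ": " hdr
            hits++; pending = 0; next
        }
        # Too far from the header: stop waiting for this oops
        pending && (NR - pending) > 40 { pending = 0 }
        END { print hits + 0 }
    '
}

# Constructed sample, not a real capture: one es58x oops, one unrelated oops.
SAMPLE_KERN_LOG='Feb 27 10:01:02 host kernel: usb 1-1: new full-speed USB device number 4 using xhci_hcd
Feb 27 10:01:02 host kernel: usb 1-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice= 1.00
Feb 27 10:01:02 host kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Feb 27 10:01:03 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Feb 27 10:01:03 host kernel: Call Trace:
Feb 27 10:01:03 host kernel:  <TASK>
Feb 27 10:01:03 host kernel:  ? es58x_devlink_info_get+0x3a/0x80 [etas_es58x]
Feb 27 10:01:03 host kernel:  </TASK>
Feb 27 11:00:00 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Feb 27 11:00:00 host kernel: Call Trace:
Feb 27 11:00:00 host kernel:  some_other_fn+0x12/0x40 [other_driver]'

# Stand-alone run over the sample; on a live host use: journalctl -k | detect_es58x_oops
printf '%s\n' "$SAMPLE_KERN_LOG" | detect_es58x_oops
```

The 40-line window is an assumption chosen to cover a typical oops dump; widen it if your kernels print longer traces, and feed the function the raw log rather than a deduplicated or per-line-sorted feed, since the correlation depends on line order.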
