CVE-2025-71291 PUBLISHED

misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()

Assigner: Linux
Reserved: 06.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()

In the function bcm_vk_read(), the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause null-pointer dereferences:

    struct vk_msg_blk tmp_msg = entry->to_h_msg[0];
    set_msg_id(&tmp_msg, entry->usr_msg_id);
    tmp_msg.size = entry->to_h_blks - 1;

To prevent these possible null-pointer dereferences, copy to_h_msg, usr_msg_id, and to_h_blks from iter into temporary variables, and return these temporary variables to the application instead of accessing them through a potentially NULL entry.
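The fix described above, modelled in user space as an added example (not the kernel's code). The struct layouts, BLK_SIZE, model_read(), the singly linked queue, the -ENOMSG return and the count >= BLK_SIZE guard are assumptions of this sketch; only the field names and the three quoted statements come from the advisory.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define BLK_SIZE 16 /* constructed block size for this model */

/* Simplified stand-ins for the driver's types; layouts are assumptions. */
struct vk_msg_blk { uint8_t function_id, size; uint16_t msg_id; uint8_t pad[12]; };
struct wkent {
    struct wkent *next;
    uint16_t usr_msg_id;
    uint32_t to_h_blks;          /* message length in blocks */
    struct vk_msg_blk *to_h_msg; /* to_h_blks blocks */
};

static void set_msg_id(struct vk_msg_blk *m, uint16_t id) { m->msg_id = id; }

/* Returns bytes copied, -EMSGSIZE (with a one-block size hint), or -ENOMSG. */
long model_read(struct wkent **pendq, void *buf, size_t count)
{
    struct wkent *entry = NULL, *iter = *pendq;
    struct vk_msg_blk tmp_msg = {0}; /* temporaries filled from iter */
    uint16_t tmp_usr_msg_id = 0;
    uint32_t tmp_blks = 0;
    long rc = -ENOMSG;

    if (iter && count >= (size_t)iter->to_h_blks * BLK_SIZE) {
        *pendq = iter->next;         /* dequeue: entry is valid from here */
        entry = iter;
    } else if (iter) {
        /* Buffer too small: entry stays NULL, so snapshot the fields now. */
        tmp_msg = iter->to_h_msg[0];
        tmp_usr_msg_id = iter->usr_msg_id;
        tmp_blks = iter->to_h_blks;
        rc = -EMSGSIZE;
    }
    if (entry) {
        set_msg_id(&entry->to_h_msg[0], entry->usr_msg_id);
        rc = (long)entry->to_h_blks * BLK_SIZE;
        memcpy(buf, entry->to_h_msg, (size_t)rc);
    } else if (rc == -EMSGSIZE && count >= BLK_SIZE) {
        /* The pre-fix code read entry->to_h_msg[0] here with entry == NULL. */
        set_msg_id(&tmp_msg, tmp_usr_msg_id);
        tmp_msg.size = (uint8_t)(tmp_blks - 1);
        memcpy(buf, &tmp_msg, BLK_SIZE);
    }
    return rc;
}
```

In the undersized-buffer case the message stays queued and untouched; the caller receives only a copy of the first block with the size hint, so a retry with a larger buffer still gets the full message.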

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 741c5a3a0cd893a4218fc0fc8c18403e54fcfb22 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ece3722169ba93734bfd1f06255e8ab7f19fe964 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to aa97ccc3dc1eba9f4537f0410e9dbb0b05ccf2fb (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 3842f93e6e29d5cc1dcb9e5bda70587b444bed69 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 20f2d9dbe5e972516f8f9948d7ae5b95d1ad77bd (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to ba75ecb97d3f4e95d59002c13afb6519205be6cb (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.1.165 to 6.1.* (incl.)
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References