CVE-2025-21998 Information

Description

In the Linux kernel the following vulnerability has been resolved:

firmware: qcom: uefisecapp: fix efivars registration race

Since the conversion to using the TZ allocator the efivars service is registered before the memory pool has been allocated something which can lead to a NULL-pointer dereference in case of a racing EFI variable access.

Make sure that all resources have been set up before registering the efivars.

Reference

https://git.kernel.org/stable/c/c4e37b381a7a243c298a4858fc0a5a74e737c79a https://git.kernel.org/stable/c/da8d493a80993972c427002684d0742560f3be4a https://git.kernel.org/stable/c/f15a2b96a0e41c426c63a932d0e63cde7b9784aa