CVE-2025-4478

HIGH Year: 2025
CVSS v3 Score
7.1
High
Weakness Type
CWE-476
View all →

Vulnerability Description

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

Related Vulnerabilities

CVE-2011-1985

HIGH
CVSS:7.1(High)

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop...

CWE-4762011

CVE-2020-10600

HIGH
CVSS:7.1(High)

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive (2018 SP2 and prior versio...

CWE-4762020

CVE-2020-11668

HIGH
CVSS:7.1(High)

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

CWE-4762020

CVE-2021-1064

HIGH
CVSS:7.1(High)

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which m...

CWE-4762021

CVE-2021-3739

HIGH
CVSS:7.1(High)

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacke...

CWE-4762021

CVE-2021-37643

HIGH
CVSS:7.1(High)

TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefere...

CWE-4762021