CVE-2025-21671
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
zram: fix potential UAF of zram table
If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ac3b5366b9b7c9d97b606532ceab43d2329a22f3 < fe3de867f94819ba0f28e035c0b0182150147d95 | affected |
| Linux | Linux | 0b5b0b65561b34e6e360de317e4bcd031bfabf42 < 571d3f6045cd3a6d9f6aec33b678f3ffe97582ef | affected |
| Linux | Linux | 6fb92e9a52e3feae309a213950f21dfcd1eb0b40 < 902ef8f16d5ca77edc77c30656be54186c1e99b7 | affected |
| Linux | Linux | 74363ec674cb172d8856de25776c8f3103f05e2f < 212fe1c0df4a150fb6298db2cfff267ceaba5402 | affected |
| Linux | Linux | 6.1.122 < 6.1.127 | affected |
| Linux | Linux | 6.6.68 < 6.6.74 | affected |
| Linux | Linux | 6.12.7 < 6.12.11 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/fe3de867f94819ba0f28e035c0b0182150147d95
- https://git.kernel.org/stable/c/571d3f6045cd3a6d9f6aec33b678f3ffe97582ef
- https://git.kernel.org/stable/c/902ef8f16d5ca77edc77c30656be54186c1e99b7
- https://git.kernel.org/stable/c/212fe1c0df4a150fb6298db2cfff267ceaba5402
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.