CVE-2025-21671

Summary

In the Linux kernel, the following vulnerability has been resolved:

zram: fix potential UAF of zram table

If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxac3b5366b9b7c9d97b606532ceab43d2329a22f3 < fe3de867f94819ba0f28e035c0b0182150147d95affected
LinuxLinux0b5b0b65561b34e6e360de317e4bcd031bfabf42 < 571d3f6045cd3a6d9f6aec33b678f3ffe97582efaffected
LinuxLinux6fb92e9a52e3feae309a213950f21dfcd1eb0b40 < 902ef8f16d5ca77edc77c30656be54186c1e99b7affected
LinuxLinux74363ec674cb172d8856de25776c8f3103f05e2f < 212fe1c0df4a150fb6298db2cfff267ceaba5402affected
LinuxLinux6.1.122 < 6.1.127affected
LinuxLinux6.6.68 < 6.6.74affected
LinuxLinux6.12.7 < 6.12.11affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References