CVE-2025-21770

Summary

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix potential memory leak in iopf_queue_remove_device()

The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue.

However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's.

Fix it by calling iopf_free_group() after the iopf group is responded.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux19911232713573a2ebea84a25bd4d71d024ed86b < db60d2d896a17decd58d143eef92cf22eb0a0176affected
LinuxLinux19911232713573a2ebea84a25bd4d71d024ed86b < 90d5429cd2921ca2714684ed525898d431bb9283affected
LinuxLinux19911232713573a2ebea84a25bd4d71d024ed86b < 9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References