CVE-2025-21770
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix potential memory leak in iopf_queue_remove_device()
The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue.
However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's.
Fix it by calling iopf_free_group() after the iopf group is responded.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 19911232713573a2ebea84a25bd4d71d024ed86b < db60d2d896a17decd58d143eef92cf22eb0a0176 | affected |
| Linux | Linux | 19911232713573a2ebea84a25bd4d71d024ed86b < 90d5429cd2921ca2714684ed525898d431bb9283 | affected |
| Linux | Linux | 19911232713573a2ebea84a25bd4d71d024ed86b < 9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08 | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/db60d2d896a17decd58d143eef92cf22eb0a0176
- https://git.kernel.org/stable/c/90d5429cd2921ca2714684ed525898d431bb9283
- https://git.kernel.org/stable/c/9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.