CVE-2025-21661

MEDIUM

Linux Kernel 6.11-6.12.10 - Use-After-Free in GPIO Virtuser Lookup Table

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

gpio: virtuser: fix missing lookup table cleanups

When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from succeeding, even if the issue is corrected, unless the device is released.

Additionally, cleanup is also needed in the less likely case of platform_device_register_full() failure.

Besides, a consistent memory leak in lookup_table->dev_id was spotted using kmemleak by toggling the live state between 0 and 1 with a correct lookup table.

Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the existing gpio_virtuser_make_lookup_table() and call it from all necessary points to ensure proper cleanup.

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 6.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (9)
linux/Kernel 6.11.0 - 6.12.10
Linux/Linux < 6.11
Linux/Linux 6.11
Linux/Linux 6.12.10 - 6.12.*
Linux/Linux 6.13
Linux/Linux 91581c4b3f29e2e22aeb1a62e842d529ca638b2d - a619cba8c69c434258ff4101d463322cd63e1bdc
Linux/Linux 91581c4b3f29e2e22aeb1a62e842d529ca638b2d - d72d0126b1f6981f6ce8b4247305f359958c11b5
linux/linux_kernel 6.13 rc1 (6 CPE variants)
linux/linux_kernel 6.11 - 6.12.10
Published Jan 21, 2025
Tracked Since Feb 18, 2026