CVE-2025-21770

MEDIUM

Linux Kernel - Use-After-Free in iopf_queue_remove_device

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue. However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's. Fix it by calling iopf_free_group() after the iopf group is responded.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/db60d2d896a17decd58d143eef92cf22eb0a0176

Patch

https://git.kernel.org/stable/c/90d5429cd2921ca2714684ed525898d431bb9283

Patch

https://git.kernel.org/stable/c/9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 9.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (12)

linux/Kernel 6.13.0 - 6.13.4linux

linux/Kernel 6.9.0 - 6.12.16linux

Linux/Linux < 6.9

Linux/Linux 19911232713573a2ebea84a25bd4d71d024ed86b - 90d5429cd2921ca2714684ed525898d431bb9283

Linux/Linux 19911232713573a2ebea84a25bd4d71d024ed86b - 9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08

Linux/Linux 19911232713573a2ebea84a25bd4d71d024ed86b - db60d2d896a17decd58d143eef92cf22eb0a0176

Linux/Linux 6.12.16 - 6.12.*

Linux/Linux 6.13.4 - 6.13.*

Linux/Linux 6.14

Linux/Linux 6.9

... and 2 more

Published Feb 27, 2025

Tracked Since Feb 18, 2026