CVE-2025-21882

MEDIUM

Linux Kernel 6.13-6.13.6 - Use-After-Free in vport QoS Cleanup

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add the missing free and reset the vport scheduling node pointer to NULL.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/fead368502bce0e10bea7c0d2895b2fa0c6c10aa

Patch

https://git.kernel.org/stable/c/7f3528f7d2f98b70e19a6bb7b130fc82c079ac54

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (9)

linux/Kernel 6.13.0 - 6.13.6linux

Linux/Linux < 6.13

Linux/Linux 6.13

Linux/Linux 6.13.6 - 6.13.*

Linux/Linux 6.14

Linux/Linux be034baba83e2a80a0b2c0f24c08547b6eedc79a - 7f3528f7d2f98b70e19a6bb7b130fc82c079ac54

Linux/Linux be034baba83e2a80a0b2c0f24c08547b6eedc79a - fead368502bce0e10bea7c0d2895b2fa0c6c10aa

linux/linux_kernel 6.14 rc1 (4 CPE variants)

linux/linux_kernel 6.13 - 6.13.6

Published Mar 27, 2025

Tracked Since Feb 18, 2026