CVE-2025-21978

MEDIUM

Linux Kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.

References (6)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

[Patch] https://git.kernel.org/stable/c/158242b56bf465a73e1edeac0fe828a8acad4499

[Patch] https://git.kernel.org/stable/c/24f1bbfb2be77dad82489c1468bbb14312aab129

[Patch] https://git.kernel.org/stable/c/ad27b4a51495490b815580d9b935e8eee14d1a9c

[Patch] https://git.kernel.org/stable/c/aed709355fd05ef747e1af24a1d5d78cd7feb81e

[Patch] https://git.kernel.org/stable/c/c40cd24bfb9bfbb315c118ca14ebe6cf52e2dd1e

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 23.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (11)

linux/linux_kernel < 6.1.132

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 6.1.132linux

linux/Kernel < 6.6.84linux

linux/Kernel < 6.12.20linux

linux/Kernel < 6.13.8linux

Timeline

Published Apr 01, 2025

Tracked Since Feb 18, 2026