Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue. However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's. Fix it by calling iopf_free_group() after the iopf group is responded.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.9, < 6.12.16 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/90d5429cd2921ca2714684ed525898d431bb9283Patch
- https://git.kernel.org/stable/c/9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08Patch
- https://git.kernel.org/stable/c/db60d2d896a17decd58d143eef92cf22eb0a0176Patch
FAQ
What is CVE-2025-21770?
CVE-2025-21770 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per...
How severe is CVE-2025-21770?
CVE-2025-21770 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21770?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.