Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.10, < 5.4.291 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/29e0cd296c87240278e2f7ea4cf3f496b60c03afPatch
- https://git.kernel.org/stable/c/56cddf71cce3b15b078e937fadab29962b6f6643Patch
- https://git.kernel.org/stable/c/597c27e5f04cb50e56cc9aeda75d3e42b6b89c3ePatch
- https://git.kernel.org/stable/c/7b5fe58959822e6cfa884327cabba6be3b01883dPatch
- https://git.kernel.org/stable/c/8e4e08ca4cc634b337bb74bc9a70758fdeda0bcbPatch
- https://git.kernel.org/stable/c/90d302619ee7ce5ed0c69c29c290bdccfde66418Patch
- https://git.kernel.org/stable/c/990fff6980d0c1693d60a812f58dbf93eab0473fPatch
- https://git.kernel.org/stable/c/a466fd7e9fafd975949e5945e2f70c33a94b1a70Patch
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
FAQ
What is CVE-2025-21904?
CVE-2025-21904 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for...
How severe is CVE-2025-21904?
CVE-2025-21904 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21904?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.