CVE-2025-21856

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calling device_add() without waiting for other kernel parts to release their references. Thus, a reference could still be held to a struct device, e.g., by sysfs, leading to potential use-after-free issues if a proper release function is not set.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0505ff2936f166405d81d0d454a81d9c14124344	Patch
https://git.kernel.org/stable/c/915e34d5ad35a6a9e56113f852ade4a730fb88f0	Patch
https://git.kernel.org/stable/c/940d15254d2216b585558bcf36312da50074e711	Patch
https://git.kernel.org/stable/c/e26e8ac27351f457091459a0a355bacd06d5bb2b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::

History

13 Mar 2025, 21:18

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/0505ff2936f166405d81d0d454a81d9c14124344 -~~	() https://git.kernel.org/stable/c/0505ff2936f166405d81d0d454a81d9c14124344 - Patch
References	~~() https://git.kernel.org/stable/c/915e34d5ad35a6a9e56113f852ade4a730fb88f0 -~~	() https://git.kernel.org/stable/c/915e34d5ad35a6a9e56113f852ade4a730fb88f0 - Patch
References	~~() https://git.kernel.org/stable/c/940d15254d2216b585558bcf36312da50074e711 -~~	() https://git.kernel.org/stable/c/940d15254d2216b585558bcf36312da50074e711 - Patch
References	~~() https://git.kernel.org/stable/c/e26e8ac27351f457091459a0a355bacd06d5bb2b -~~	() https://git.kernel.org/stable/c/e26e8ac27351f457091459a0a355bacd06d5bb2b - Patch
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/ism: añadir función de liberación para struct device. Según device_release() en /drivers/base/core.c, un dispositivo sin función de liberación es un dispositivo dañado y debe repararse. El código actual libera el dispositivo directamente tras llamar a device_add() sin esperar a que otras partes del kernel liberen sus referencias. Por lo tanto, una referencia a un dispositivo de estructura podría seguir manteniéndose, por ejemplo, mediante sysfs, lo que podría provocar problemas de uso después de la liberación si no se configura una función de liberación adecuada.

12 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-12 10:15

Updated : 2025-03-13 21:18

NVD link : CVE-2025-21856

Mitre link : CVE-2025-21856

CVE.ORG link : CVE-2025-21856

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10