Linux · Linux Kernel · CVE-2025-21668
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.1.126
Linux kernel versions prior to 6.6.73
Linux kernel versions prior to 6.12.10
**Description**
The issue is related to the `imx8mp blk ctrl remove()` function in the Linux kernel, which can cause an out-of-bounds exception due to a missing loop break condition. This can lead to a denial of service. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The `imx8mp blk ctrl remove()` function is vulnerable due to a missing loop break condition, causing it to continue until an out-of-bounds exception occurs.
- The call trace includes `dev pm domain detach+0x8/0x48`, `platform shutdown+0x2c/0x48`, and other functions.
**Recommendations**
To resolve the issue for Linux kernel versions prior to 6.1.126, update to version 6.1.126 or later.
To resolve the issue for Linux kernel versions prior to 6.6.73, update to version 6.6.73 or later.
To resolve the issue for Linux kernel versions prior to 6.12.10, update to version 6.12.10 or later.
As a temporary workaround, consider disabling the `imx8mp blk ctrl remove()` function until a patch is available.