PT-2025-11018 · Linux+5 · Linux Kernel+5

Published

2025-02-14

·

Updated

2025-10-03

·

CVE-2025-21856

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue has been identified in the Linux kernel. The problem arises because a device without a release function is considered broken and must be fixed. The current code frees the device after calling device add() without waiting for other kernel parts to release their references, potentially leading to use-after-free issues if a proper release function is not set. This issue is related to the s390/ism component and the device release() function in /drivers/base/core.c.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-4807
BDU:2025-12100
CVE-2025-21856
MGASA-2025-0111
MGASA-2025-0112
OESA-2025-1371
OESA-2025-1372
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu