PT-2025-11023 · Linux+10 · Linux Kernel+10

Published

2025-02-17

·

Updated

2026-05-07

·

CVE-2025-21861

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-09623-g6c216bc522fd
Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the migrate device finalize() function, where a folio to be freed is not added to the LRU, causing memcg code to produce warnings. The vulnerability is triggered when the folio putback lru() function is called on folios with memcg data equal to 0. The issue is likely to cause unnecessary steps in the LRU handling, but it does not seem to cause any further problems.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALT-PU-2025-12647
ALT-PU-2025-4807
BDU:2026-02398
CVE-2025-21861
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-D030-1ADD-1E55
INFSA-2025_20518
OESA-2025-1729
OESA-2025-1730
OESA-2025-1870
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8141-1
USN-8163-1
USN-8163-2
USN-8243-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu