PT-2025-13220 · Linux+7 · Linux Kernel+7

Published

2025-02-24

·

Updated

2026-04-20

·

CVE-2025-21883

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the deinitialization of Virtual Functions (VFs) in the Linux kernel. When ice ena vfs() fails after calling ice create vf entries(), it frees all VFs without removing them from the snapshot PF-VF mailbox list, leading to list corruption. This can cause a kernel bug, and in some cases, a KASAN report may be seen instead. The problem arises because VFs are added to the list in ice mbx init vf info() but only removed in ice free vfs(). To fix this, the removal of VFs should be moved to ice free vf entries(), which is also called in other places where VFs are being removed.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-416

Related Identifiers

ALSA-2025:9302
ALSA-2025:9896
BDU:2025-03680
CVE-2025-21883
INFSA-2025_9302
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:9302
RHSA-2025:9896
RHSA-2025_9302
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu