PT-2025-14295 · Linux+6 · Linux Kernel+6
Published
2025-01-24
·
Updated
2026-04-20
·
CVE-2025-21914
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been identified, related to the slimbus messaging system. In cases where an interrupt is delayed, the
slim do transfer() function returns a timeout error without freeing the transaction ID (TID). This leads to invalid memory access within the qcom slim ngd rx msgq cb() function due to the invalid TID. The issue can cause a kernel panic and result in a fatal exception in interrupt.Recommendations
To resolve the issue, free the TID in
slim do transfer() before returning a timeout error to avoid invalid memory access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu