PT-2025-4349 · Linux+7 · Linux Kernel+7
Xiaolei Wang
·
Published
2025-01-15
·
Updated
2025-10-03
·
CVE-2025-21668
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.1.126
Linux kernel versions prior to 6.6.73
Linux kernel versions prior to 6.12.10
Description
The issue is related to the
imx8mp blk ctrl remove() function in the Linux kernel, which can cause an out-of-bounds exception due to a missing loop break condition. This can lead to a denial of service. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.Technical details about exploitation include:
- The
imx8mp blk ctrl remove()function is vulnerable due to a missing loop break condition, causing it to continue until an out-of-bounds exception occurs. - The call trace includes
dev pm domain detach+0x8/0x48,platform shutdown+0x2c/0x48, and other functions.
Recommendations
To resolve the issue for Linux kernel versions prior to 6.1.126, update to version 6.1.126 or later.
To resolve the issue for Linux kernel versions prior to 6.6.73, update to version 6.6.73 or later.
To resolve the issue for Linux kernel versions prior to 6.12.10, update to version 6.12.10 or later.
As a temporary workaround, consider disabling the
imx8mp blk ctrl remove() function until a patch is available.Exploit
Fix
Infinite Loop
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu