PT-2025-8882 · Linux+4 · Linux Kernel+4

Kevin Tian

Published

2025-01-17

Updated

2025-07-16

CVE-2025-21770

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the iopf queue remove device() function. This function is responsible for removing a device from the per-iommu iopf queue when PRI is disabled on the device. However, it fails to release the group structure that represents a group of iopf's awaiting a response after responding to the hardware, potentially causing a memory leak if iopf queue remove device() is called with pending iopf's.

Recommendations To resolve this issue, call iopf free group() after the iopf group is responded to, ensuring the proper release of the group structure and preventing potential memory leaks.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2025-12046

CVE-2025-21770

SUSE-SU-2025:02254-1

SUSE-SU-2025:02307-1

SUSE-SU-2025:02333-1

SUSE-SU-2025_02254-1

SUSE-SU-2025_02307-1

SUSE-SU-2025_02333-1

USN-7521-1

USN-7521-2

USN-7521-3

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2025-8882 · Linux+4 · Linux Kernel+4

CVE-2025-21770

Weakness Enumeration

Related Identifiers

Affected Products

References · 819