CVE-2025-21661Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime15 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 21
Latest updateApr 1

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from succeeding, even if the issue is corrected, unless the device is released. Additionally, cleanup is also needed in the less likely case of platform_device_register_full() failure. Besides, a consistent memor

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.116.12.10+1
Debianlinux/linux_kernel< 6.12.10-1+1
CVEListV5linux/linux91581c4b3f29e2e22aeb1a62e842d529ca638b2dd72d0126b1f6981f6ce8b4247305f359958c11b5+2
debiandebian/linux< linux 6.12.10-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
OSV
linux-raspi vulnerabilities2025-04-01
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-6.11, linux-oracle, linux-realtime vulnerabilities2025-03-27
OSV
linux-oem-6.11 vulnerabilities2025-03-27
OSV
linux-lowlatency vulnerabilities2025-03-27
OSV
linux-lowlatency-hwe-6.11 vulnerabilities2025-03-27

📋Vendor Advisories

7
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-04-01
Ubuntu
Linux kernel (Low Latency) vulnerabilities2025-03-27
Ubuntu
Linux kernel (Low Latency) vulnerabilities2025-03-27
Ubuntu
Linux kernel vulnerabilities2025-03-27
Ubuntu
Linux kernel (OEM) vulnerabilities2025-03-27
CVE-2025-21661 — Linux vulnerability | cvebase