CVE-2025-21886: Resource Injection in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 84.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 27

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused_implicit_child_mr() to prevent hanging during parent deregistration as of below [1]. Upon entering destroy_unused_implicit_child_mr(), the reference count for the implicit MR parent is incremented using: refcount_inc_not_zero(). A corresponding decrement must be performed if free_implicit_child_mr_work() is not called. The code has been updated

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (8 packages)

NVD: linux/linux_kernel 6.12.13 6.12.18 (+2)
Debian: linux/linux_kernel < 6.12.19-1 (+1)
CVEListV5: linux/linux 7cc8f681f6d4ae4478ae0f60485fc768f2b450da cb96ae783e7249e8e5a50c22952c0bb2983133df (+4)
debian: debian/linux < linux 6.12.19-1 (forky)

Patches

🔴 Vulnerability Details (2)

GHSA (2025-03-27)
GHSA-4q32-287f-wf74: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused
OSV (2025-03-27)
CVE-2025-21886: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused_i

📋 Vendor Advisories (3)

Red Hat (2025-03-27)
kernel: RDMA/mlx5: Fix implicit ODP hang on parent deregistration
Debian (2025)
CVE-2025-21886: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ...
Microsoft (2024-02-13)
Xorg-x11-server: heap buffer overflow in disabledevice
CVE-2025-21886 — Resource Injection in Linux | cvebase