CVE-2025-21745: blk-cgroup: Fix class @block_class's subsystem refcount leakage

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Fix class @block_class's subsystem refcount leakage

blkcg_fill_root_iostats() iterates over @block_class's devices by
class_dev_iter_(init|next)(), but does not end the iteration with
class_dev_iter_exit(), which leaks the class's subsystem refcount.

Fix by ending the iteration with class_dev_iter_exit().
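The bug class here is an iterator that takes a reference in its init routine and only drops it in its exit routine, so a caller that forgets the exit call leaves the count permanently elevated. The following is an added user-space model of that pattern, not kernel code and not taken from the fix commits: the model_class, model_iter_* and iterate_* names are hypothetical stand-ins for block_class, class_dev_iter_init/next/exit and the loop in blkcg_fill_root_iostats(), and the refcount is a plain integer standing in for the subsystem kobject reference. Running it shows the leaky loop leaving the count one higher than it started while the fixed loop returns it to its original value.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a device class whose subsystem is refcounted.
 * In the kernel this is the class's subsys kobject; here a plain int. */
struct model_class {
    const char *name;
    int subsys_refcount;
    int ndevs;
    const char **devs;
};

/* Hypothetical stand-in for struct class_dev_iter. */
struct model_iter {
    struct model_class *cls;
    int pos;
};

/* Models class_dev_iter_init(): takes a reference on the class subsystem
 * for the lifetime of the iteration. */
static void model_iter_init(struct model_iter *it, struct model_class *cls)
{
    it->cls = cls;
    it->pos = 0;
    cls->subsys_refcount++;
}

/* Models class_dev_iter_next(): returns the next device or NULL when done.
 * Note that running off the end does NOT drop the reference. */
static const char *model_iter_next(struct model_iter *it)
{
    if (it->pos >= it->cls->ndevs)
        return NULL;
    return it->cls->devs[it->pos++];
}

/* Models class_dev_iter_exit(): drops the reference taken by init. */
static void model_iter_exit(struct model_iter *it)
{
    it->cls->subsys_refcount--;
    it->cls = NULL;
}

/* Pre-fix shape of the loop: init + next, but no exit.
 * Returns the number of devices visited. */
int iterate_leaky(struct model_class *cls)
{
    struct model_iter it;
    int n = 0;

    model_iter_init(&it, cls);
    while (model_iter_next(&it))
        n++;
    /* missing model_iter_exit(&it): the reference is never released */
    return n;
}

/* Fixed shape of the loop: exit is called unconditionally after the loop,
 * so the reference is released on every path out of the function. */
int iterate_fixed(struct model_class *cls)
{
    struct model_iter it;
    int n = 0;

    model_iter_init(&it, cls);
    while (model_iter_next(&it))
        n++;
    model_iter_exit(&it);
    return n;
}

/* Net change in the subsystem refcount across one call of fn(). A correct
 * iteration must return 0; any positive value is a leak per call. */
int refcount_delta(int (*fn)(struct model_class *), struct model_class *cls)
{
    int before = cls->subsys_refcount;

    fn(cls);
    return cls->subsys_refcount - before;
}

/* Constructed sample class with three device names, standing in for
 * block_class. The refcount starts at 0 for readability. */
struct model_class *sample_block_class(void)
{
    static const char *devs[] = { "sda", "sdb", "nvme0n1" };
    static struct model_class cls = { "block", 0, 3, devs };

    return &cls;
}

int main(void)
{
    struct model_class *cls = sample_block_class();

    printf("leaky loop: refcount delta %d\n", refcount_delta(iterate_leaky, cls));
    printf("fixed loop: refcount delta %d\n", refcount_delta(iterate_fixed, cls));
    return 0;
}
```

The useful check when reviewing real callers of class_dev_iter_init() is exactly the one refcount_delta() performs: every path that leaves the function after init, including early returns and error paths, must pass through class_dev_iter_exit(). A leak of this kind does not crash anything immediately; it only becomes visible as a subsystem object that can never be freed, which is why it tends to survive testing.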

Classification

CVE ID: CVE-2025-21745

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 1.76% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21745
https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0
https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309
https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876
https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126
https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e

Timeline