CVE-2025-21770
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21770
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21770.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21770
- Downstream
- Related
- Published
- 2025-02-27T02:18:18Z
- Modified
- 2025-10-17T21:23:51.761028Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- iommu: Fix potential memory leak in iopf_queue_remove_device()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix potential memory leak in iopfqueueremove_device()
The iopfqueueremovedevice() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMUPAGERESPINVALID code and detaches the device from the queue.
However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopfqueueremove_device() is called with pending iopf's.
Fix it by calling iopffreegroup() after the iopf group is responded.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced19911232713573a2ebea84a25bd4d71d024ed86bFixeddb60d2d896a17decd58d143eef92cf22eb0a0176
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced19911232713573a2ebea84a25bd4d71d024ed86bFixed90d5429cd2921ca2714684ed525898d431bb9283
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced19911232713573a2ebea84a25bd4d71d024ed86bFixed9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.14-rc1
v6.14-rc2
v6.8
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"target": {
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-30df6aab",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90d5429cd2921ca2714684ed525898d431bb9283",
"digest": {
"line_hashes": [
"23825054100359800711968958759602624265",
"149019995643787253243096996553759422616",
"287576732114314751224462577281136867783",
"210944042513148901409915299476137305162"
],
"threshold": 0.9
}
},
{
"target": {
"function": "iopf_queue_remove_device",
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-344e3e08",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db60d2d896a17decd58d143eef92cf22eb0a0176",
"digest": {
"function_hash": "255824598626284589122017528921862377127",
"length": 997.0
}
},
{
"target": {
"function": "iopf_queue_remove_device",
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-38d32d38",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@90d5429cd2921ca2714684ed525898d431bb9283",
"digest": {
"function_hash": "255824598626284589122017528921862377127",
"length": 997.0
}
},
{
"target": {
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-9414a552",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db60d2d896a17decd58d143eef92cf22eb0a0176",
"digest": {
"line_hashes": [
"23825054100359800711968958759602624265",
"149019995643787253243096996553759422616",
"287576732114314751224462577281136867783",
"210944042513148901409915299476137305162"
],
"threshold": 0.9
}
},
{
"target": {
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-a650dbe8",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08",
"digest": {
"line_hashes": [
"23825054100359800711968958759602624265",
"149019995643787253243096996553759422616",
"287576732114314751224462577281136867783",
"210944042513148901409915299476137305162"
],
"threshold": 0.9
}
},
{
"target": {
"function": "iopf_queue_remove_device",
"file": "drivers/iommu/io-pgfault.c"
},
"id": "CVE-2025-21770-a9bbc679",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08",
"digest": {
"function_hash": "255824598626284589122017528921862377127",
"length": 997.0
}
}
]