CVE-2025-21914
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21914
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21914.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21914
- Downstream
- Related
- Published
- 2025-04-01T16:15:21Z
- Modified
- 2025-08-09T20:01:25Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
slimbus: messaging: Free transaction ID in delayed interrupt scenario
In case of interrupt delay for any reason, slimdotransfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory access inside qcomslimngdrxmsgq_cb() due to invalid TID.
Fix the issue by freeing the TID in slimdotransfer() before returning timeout error to avoid invalid memory access.
Call trace: _memcpyfromio+0x20/0x190 qcomslimngdrxmsgqcb+0x130/0x290 [slimqcomngdctrl] vchancomplete+0x2a0/0x4a0 taskletactioncommon+0x274/0x700 taskletaction+0x28/0x3c stext+0x188/0x620 runksoftirqd+0x34/0x74 smpbootthreadfn+0x1d8/0x464 kthread+0x178/0x238 retfromfork+0x10/0x20 Code: aa0003e8 91000429 f100044a 3940002b (3800150b) ---[ end trace 0fe00bec2b975c99 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt.
- References
-
- https://git.kernel.org/stable/c/09d34c4cbc38485c7514069f25348e439555b282
- https://git.kernel.org/stable/c/0c541c8f6da23e0b92f0a6216d899659a7572074
- https://git.kernel.org/stable/c/18ae4cee05c310c299ba75d7477dcf34be67aa16
- https://git.kernel.org/stable/c/6abf3d8bb51cbaf886c3f08109a0462890b10db6
- https://git.kernel.org/stable/c/a32e5198a9134772eb03f7b72a7849094c55bda9
- https://git.kernel.org/stable/c/cec8c0ac173fe5321f03fdb1a09a9cb69bc9a9fe
- https://git.kernel.org/stable/c/dcb0d43ba8eb9517e70b1a0e4b0ae0ab657a0e5a
- https://git.kernel.org/stable/c/faac8e894014e8167471a8e4a5eb35a8fefbb82a