CVE-2025-21856 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calling device_add() without waiting for other kernel parts to release their references. Thus, a reference could still be held to a struct device, e.g., by sysfs, leading to potential use-after-free issues if a proper release function is not set.

Reserved 2024-12-29 | Published 2025-03-12 | Updated 2025-03-12 | Assigner Linux

Product status

Default status

unaffected

8c81ba20349daf9f7e58bb05a0c12f4b71813a30 before 940d15254d2216b585558bcf36312da50074e711

affected

8c81ba20349daf9f7e58bb05a0c12f4b71813a30 before 0505ff2936f166405d81d0d454a81d9c14124344

affected

8c81ba20349daf9f7e58bb05a0c12f4b71813a30 before e26e8ac27351f457091459a0a355bacd06d5bb2b

affected

8c81ba20349daf9f7e58bb05a0c12f4b71813a30 before 915e34d5ad35a6a9e56113f852ade4a730fb88f0

affected

Default status

affected

6.3

affected

Any version before 6.3

unaffected

6.6.80

unaffected

6.12.17

unaffected

6.13.5

unaffected

6.14-rc4

unaffected

References

git.kernel.org/...c/940d15254d2216b585558bcf36312da50074e711

git.kernel.org/...c/0505ff2936f166405d81d0d454a81d9c14124344

git.kernel.org/...c/e26e8ac27351f457091459a0a355bacd06d5bb2b

git.kernel.org/...c/915e34d5ad35a6a9e56113f852ade4a730fb88f0

cve.org (CVE-2025-21856)

nvd.nist.gov (CVE-2025-21856)

Download JSON

https://cve.threatint.com/CVE/CVE-2025-21856

Support options

Helpdesk Chat, Email, Knowledgebase