CVE-2025-21833

MEDIUM5.5

iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

Published Mar 6, 2025

Modified 5 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the pasid. In case it nevertheless happens we must avoid using a NULL pointer.

References

WEB

https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b

WEB

https://git.kernel.org/stable/c/68ec78beb4a3fb0877cbaaf49758c85410c05977

WEB

https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-21833

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMar 6, 2025

ModifiedNov 2, 2025