CVE-2025-21904

Updated: 2025-11-10 00:31:27.217151

Description:

In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs().


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-04-25 03:48:41 Low risk: this is a probe-path bug in the caif_virtio driver that can at most crash the kernel (avai...
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-04-25 03:48:41 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-04-25 03:48:41 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-04-25 03:48:41 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2025-04-25 03:48:40 Ignored due to low severity
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-04-25 03:48:40 Ignored due to low severity
Oracle Linux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-04-25 03:48:40 Ignored due to low severity
Oracle Linux 7 ELS kernel-uek 5.4.17 5.5 MEDIUM Released CLSA-2025:1746479711 2025-05-08 04:11:23 Ignored due to low severity
RHEL 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-05-27 03:51:05 Ignored due to low severity
TuxCare 9.6 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2025-07-05 02:18:04 Low operational risk: this bug is confined to the caif_virtio modem-transport driver and manifests i...
Total: 14