CVE-2025-21882

Published: Mar 27, 2025Modified: Oct 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add the missing free and reset the vport scheduling node pointer to NULL.

Affected (5)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.13.6
Linux Linux Kernel	Version 6.14 rc1
Linux Linux Kernel	Version 6.14 rc2
Linux Linux Kernel	Version 6.14 rc3
Linux Linux Kernel	Version 6.14 rc4

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://git.kernel.org/stable/c/7f3528f7d2f98b70e19a6bb7b130fc82c079ac54

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fead368502bce0e10bea7c0d2895b2fa0c6c10aa

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.