CVE - CVE-2025-21810

CVE-ID
CVE-2025-21810	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() There are a potential wild pointer dereferences issue regarding APIs class_dev_iter_(init\|next\|exit)(), as explained by below typical usage: // All members of @iter are wild pointers. struct class_dev_iter iter; // class_dev_iter_init(@iter, @class, ...) checks parameter @class for // potential class_to_subsys() error, and it returns void type and does // not initialize its output parameter @iter, so caller can not detect // the error and continues to invoke class_dev_iter_next(@iter) even if // @iter still contains wild pointers. class_dev_iter_init(&iter, ...); // Dereference these wild pointers in @iter here once suffer the error. while (dev = class_dev_iter_next(&iter)) { ... }; // Also dereference these wild pointers here. class_dev_iter_exit(&iter); Actually, all callers of these APIs have such usage pattern in kernel tree. Fix by: - Initialize output parameter @iter by memset() in class_dev_iter_init() and give callers prompt by pr_crit() for the error. - Check if @iter is valid in class_dev_iter_next().
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1614e75d1a1b63db6421c7a4bf37004720c7376c URL:https://git.kernel.org/stable/c/1614e75d1a1b63db6421c7a4bf37004720c7376c MISC:https://git.kernel.org/stable/c/5c504e9767b947cf7d4e29b811c0c8b3c53242b7 URL:https://git.kernel.org/stable/c/5c504e9767b947cf7d4e29b811c0c8b3c53242b7 MISC:https://git.kernel.org/stable/c/e128f82f7006991c99a58114f70ef61e937b1ac1 URL:https://git.kernel.org/stable/c/e128f82f7006991c99a58114f70ef61e937b1ac1 MISC:https://git.kernel.org/stable/c/f4b9bc823b0cfdebfed479c0e87d6939c7562e87 URL:https://git.kernel.org/stable/c/f4b9bc823b0cfdebfed479c0e87d6939c7562e87
Assigning CNA
kernel.org
Date Record Created
20241229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)