CVE-2025-21934: rapidio: fix an API misues when rio_add_net() fails
First published: Tue Apr 01 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.6<5.4.291 | |
| Linux Kernel | >=5.5<5.10.235 | |
| Linux Kernel | >=5.11<5.15.179 | |
| Linux Kernel | >=5.16<6.1.131 | |
| Linux Kernel | >=6.2<6.6.83 | |
| Linux Kernel | >=6.7<6.12.19 | |
| Linux Kernel | >=6.13<6.13.7 | |
| Linux Kernel | =6.14-rc1 | |
| Linux Kernel | =6.14-rc2 | |
| Linux Kernel | =6.14-rc3 | |
| Linux Kernel | =6.14-rc4 | |
| Linux Kernel | =6.14-rc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/d4ec862ce80f64db923a1d942b5d11cf6fc87d36
- https://git.kernel.org/stable/c/88ddad53e4cfb6de861c6d4fb7b25427f46baed5
- https://git.kernel.org/stable/c/cdd9f58f7fe41a55fae4305ea51fc234769fd466
- https://git.kernel.org/stable/c/a5f5e520e8fbc6294020ff8afa36f684d92c6e6a
- https://git.kernel.org/stable/c/2537f01d57f08c527e40bbb5862aa6ff43344898
- https://git.kernel.org/stable/c/22e4977141dfc6d109bf29b495bf2187b4250990
- https://git.kernel.org/stable/c/f0aa4ee1cbbf7789907e5a3f6810de01c146c211
- https://git.kernel.org/stable/c/b2ef51c74b0171fde7eb69b6152d3d2f743ef269
Frequently Asked Questions
What is the severity of CVE-2025-21934?
CVE-2025-21934 has been classified as a low severity vulnerability in the Linux kernel.
How do I fix CVE-2025-21934?
To fix CVE-2025-21934, you should update to the latest version of the Linux kernel that addresses this vulnerability.
What components are impacted by CVE-2025-21934?
CVE-2025-21934 specifically affects the RapidIO subsystem in the Linux kernel.
What type of vulnerability is CVE-2025-21934?
CVE-2025-21934 is an API misuse vulnerability that affects device registration handling.
When was CVE-2025-21934 published?
CVE-2025-21934 was published as part of a security update for the Linux kernel.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/source
- agent/author
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/remedy
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.6
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13
- version/linux kernel/6.14-rc1
- version/linux kernel/6.14-rc2
- version/linux kernel/6.14-rc3
- version/linux kernel/6.14-rc4
- version/linux kernel/6.14-rc5