Bug 2343172 (CVE-2025-21671) - CVE-2025-21671 kernel: zram: fix potential UAF of zram table
Summary: CVE-2025-21671 kernel: zram: fix potential UAF of zram table
Keywords:
Status: NEW
Alias: CVE-2025-21671
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-01-31 12:01 UTC by OSIDB Bzimport
Modified: 2025-11-11 10:24 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:20095 0 None None None 2025-11-11 08:01:55 UTC
Red Hat Product Errata RHSA-2025:20518 0 None None None 2025-11-11 10:24:48 UTC

Description OSIDB Bzimport 2025-01-31 12:01:48 UTC 
In the Linux kernel, the following vulnerability has been resolved:

zram: fix potential UAF of zram table

If zram_meta_alloc failed early, it frees allocated zram->table without
setting it NULL.  Which will potentially cause zram_meta_free to access
the table if user reset an failed and uninitialized device.
Comment 1 Pedro Sampaio 2025-01-31 18:30:57 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025013159-CVE-2025-21671-c4b0@gregkh/T
Comment 2 errata-xmlrpc 2025-11-11 08:01:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:20095 https://access.redhat.com/errata/RHSA-2025:20095
Comment 3 errata-xmlrpc 2025-11-11 10:24:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20518 https://access.redhat.com/errata/RHSA-2025:20518
Note You need to log in before you can comment on or make changes to this bug.