2348510 – (CVE-2025-21770) CVE-2025-21770 kernel: iommu: Fix potential memory leak in iopf_queue_remove_device()

Bug 2348510 (CVE-2025-21770) - CVE-2025-21770 kernel: iommu: Fix potential memory leak in iopf_queue_remove_device()

Summary: CVE-2025-21770 kernel: iommu: Fix potential memory leak in iopf_queue_remove_...

Keywords:
Status:	NEW
Alias:	CVE-2025-21770
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 03:01 UTC by OSIDB Bzimport
Modified:	2025-02-27 14:19 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-27 03:01:15 UTC

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix potential memory leak in iopf_queue_remove_device()

The iopf_queue_remove_device() helper removes a device from the per-iommu
iopf queue when PRI is disabled on the device. It responds to all
outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the
device from the queue.

However, it fails to release the group structure that represents a group
of iopf's awaiting for a response after responding to the hardware. This
can cause a memory leak if iopf_queue_remove_device() is called with
pending iopf's.

Fix it by calling iopf_free_group() after the iopf group is responded.

Comment 1 Michal Findra 2025-02-27 13:47:17 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2025-21770-d7e0@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.