CVE-2025-21745

blk-cgroup: Fix class @block_class's subsystem refcount leakage

Description

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), so causes the class's subsystem refcount leakage. Fix by ending the iterating with class_dev_iter_exit().

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
https://git.kernel.org/stable/c/38287f779b34dfe959b4b681e909f2d3d52b88be
https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0 patch
https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309 patch
https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876 patch
https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126 patch
https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e patch

Frequently Asked Questions

What is the severity of CVE-2025-21745?
CVE-2025-21745 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21745?
To fix CVE-2025-21745, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21745 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21745 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21745?
CVE-2025-21745 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.