CVE-2025-21833

iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d patch
https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b patch

Frequently Asked Questions

What is the severity of CVE-2025-21833?
CVE-2025-21833 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21833?
To fix CVE-2025-21833, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21833 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21833 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21833?
CVE-2025-21833 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.