CVE-2025-21935

rapidio: add check for rio_add_net() in rio_scan_alloc_net()

Description

In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net().

N/A
CVSS
Severity:
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6d22953c4a183d0b7fdf34d68c5debd16da6edc5
https://git.kernel.org/stable/c/4f3509cfcc02e9d757f2714bb7dbbeec35de6fa7
https://git.kernel.org/stable/c/181d4daaefb3bceeb2f2635ba9f3781eeda9e550
https://git.kernel.org/stable/c/ad82be4298a89a9ae46f07128bdf3d8614bce745
https://git.kernel.org/stable/c/e6411c3b9512dba09af7d014d474516828c89706
https://git.kernel.org/stable/c/c332f3e2df0fcae5a45fd55cc18902fb1e4825ca
https://git.kernel.org/stable/c/a0d069ccc475abaaa79c6368ee27fc0b5912bea8
https://git.kernel.org/stable/c/e842f9a1edf306bf36fe2a4d847a0b0d458770de

Frequently Asked Questions

What is the severity of CVE-2025-21935?
CVE-2025-21935 has not yet been assigned a CVSS score.
How to fix CVE-2025-21935?
To fix CVE-2025-21935, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21935 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21935 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21935?
CVE-2025-21935 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.