CVE-2025-21978

drm/hyperv: Fix address space leak when Hyper-V DRM device is removed

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for
the vram, and maps it cacheable. If the device removed, or in the error
path for device probing, the MMIO space is released but no unmap is done.
Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the
error path during device probing.

In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-04-01 CVE Published
2025-04-01 CVE Updated
2025-04-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/a0ab5abced550ddeefddb06055ed60779a54eb79	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c40cd24bfb9bfbb315c118ca14ebe6cf52e2dd1e	2025-03-28
https://git.kernel.org/stable/c/ad27b4a51495490b815580d9b935e8eee14d1a9c	2025-03-22
https://git.kernel.org/stable/c/24f1bbfb2be77dad82489c1468bbb14312aab129	2025-03-22
https://git.kernel.org/stable/c/158242b56bf465a73e1edeac0fe828a8acad4499	2025-03-22
https://git.kernel.org/stable/c/aed709355fd05ef747e1af24a1d5d78cd7feb81e	2025-03-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.12.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.12.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.13.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.13.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.14"		en		Affected