CVE-2025-21770 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix potential memory leak in iopf_queue_remove_device()

The iopf_queue_remove_device() helper removes a device from the per-iommu iopf queue when PRI is disabled on the device. It responds to all outstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue.

However, it fails to release the group structure that represents a group of iopf's awaiting for a response after responding to the hardware. This can cause a memory leak if iopf_queue_remove_device() is called with pending iopf's.

Fix it by calling iopf_free_group() after the iopf group is responded.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability identified as CVE-2025-21770 resides within the Linux kernel's IOMMU (Input-Output Memory Management Unit) subsystem, specifically affecting the iopf_queue_remove_device() helper function. This function operates within the context of PCIe Page Request Interface (PRI) handling where devices can be dynamically removed from IOMMU queues when PRI functionality is disabled. The issue manifests as a memory management flaw that occurs during device removal operations, creating a persistent memory leak that can accumulate over time and potentially impact system stability. The vulnerability is particularly concerning because it operates at the kernel level where memory leaks can have cascading effects on system performance and resource availability.

The technical flaw stems from an incomplete cleanup operation within the iopf_queue_remove_device() function. When this function processes device removal, it properly responds to all outstanding IOMMU page requests with the IOMMU_PAGE_RESP_INVALID code and detaches the device from the queue structure. However, the function fails to invoke the iopf_free_group() cleanup routine which is responsible for releasing the memory allocated to represent groups of IOMMU page requests awaiting responses. This memory allocation occurs when multiple IOMMU page requests are grouped together for processing, creating a structural representation that must be explicitly freed. The omission of this cleanup step means that group structures remain allocated in memory even after the device has been removed, leading to a gradual accumulation of unreleased memory resources.

The operational impact of this vulnerability extends beyond simple memory consumption issues as it represents a potential denial of service vector within systems utilizing IOMMU functionality. When iopf_queue_remove_device() is called repeatedly with devices that have pending IOMMU page requests, the memory leak compounds over time, potentially leading to system memory exhaustion. This is particularly critical in server environments or virtualized systems where IOMMU operations occur frequently during device management activities. The vulnerability affects systems using IOMMU with PRI capabilities, which are common in modern server and workstation configurations where PCIe device management and memory protection are essential. The memory leak could also impact system responsiveness and overall performance, as available memory decreases and the kernel may be forced to employ more aggressive memory management strategies.

Mitigation strategies for CVE-2025-21770 require immediate kernel updates that incorporate the fix for iopf_queue_remove_device() function. The patch ensures that iopf_free_group() is properly called after responding to IOMMU page requests within the device removal process, thereby preventing memory leaks. System administrators should prioritize applying the patched kernel versions to all affected systems, particularly those running virtualization workloads or server configurations that heavily utilize IOMMU functionality. Monitoring for memory consumption patterns and system performance degradation can help identify potential exploitation of this vulnerability in environments where IOMMU operations are frequent. The fix aligns with CWE-401 Memory Leak classification and addresses potential ATT&CK techniques related to resource exhaustion and denial of service attacks. Organizations should also consider implementing automated patch management processes to ensure timely deployment of security fixes and maintain system integrity against similar memory management vulnerabilities.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00203

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!