CVE-2025-21978 in Linuxinfo

Summary

by MITRE • 04/01/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/hyperv: Fix address space leak when Hyper-V DRM device is removed

When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked.

Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/01/2026

The vulnerability CVE-2025-21978 represents a critical memory management issue within the Linux kernel's Hyper-V DRM driver component. This flaw manifests as an address space leak that occurs during the lifecycle of Hyper-V display rendering devices, specifically affecting systems utilizing Hyper-V virtualization environments with direct rendering management capabilities. The issue stems from improper resource cleanup procedures within the device management code path, creating persistent memory mapping artifacts that consume kernel virtual address space without proper release mechanisms.

The technical root cause of this vulnerability lies in the inconsistent handling of memory-mapped I/O resources during device lifecycle events. When the Hyper-V DRM driver initializes a device probe, it correctly allocates memory-mapped I/O space for video RAM and establishes cacheable mappings for hardware access. However, the driver fails to execute the corresponding iounmap() function calls when the device is removed from the system or when device probing encounters errors during initialization. This oversight creates a memory leak where the kernel's virtual address space mapping remains allocated and unmapped, effectively consuming address space that could be reused for legitimate kernel operations.

The operational impact of this vulnerability extends beyond simple memory consumption, as it represents a potential denial of service vector that could gradually exhaust available kernel virtual address space on systems running multiple Hyper-V DRM devices. Attackers could potentially exploit this flaw by repeatedly creating and destroying Hyper-V DRM device instances, leading to progressive address space exhaustion that may cause system instability, device driver failures, or complete system hangs. The vulnerability is particularly concerning in virtualized environments where multiple guest operating systems may simultaneously create and destroy display device instances, amplifying the address space consumption effects.

This memory leak vulnerability maps directly to CWE-404, which specifically addresses improper resource release or cleanup, and aligns with ATT&CK technique T1490, representing resource exhaustion attacks through improper resource management. The fix implementation requires adding explicit iounmap() calls in both the device removal path and error handling routines during device probing, ensuring that all memory mappings are properly torn down regardless of the execution path taken. This remediation addresses the fundamental issue by guaranteeing that kernel virtual address space mappings are consistently released when they are no longer needed, preventing the accumulation of stale mappings that consume valuable system resources. The solution follows established kernel development practices for proper resource management and aligns with the Linux kernel's memory management best practices for device drivers operating in virtualized environments.

Responsible

Linux

Reservation

12/29/2024

Disclosure

04/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00176

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!