QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-21810

Back to search

CVE-2025-21810

Published: Feb 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() There are a potential wild pointer dereferences issue regarding APIs class_dev_iter_(init|next|exit)(), as explained by below typical usage: // All members of @iter are wild pointers. struct class_dev_iter iter; // class_dev_iter_init(@iter, @class, ...) checks parameter @class for // potential class_to_subsys() error, and it returns void type and does // not initialize its output parameter @iter, so caller can not detect // the error and continues to invoke class_dev_iter_next(@iter) even if // @iter still contains wild pointers. class_dev_iter_init(&iter, ...); // Dereference these wild pointers in @iter here once suffer the error. while (dev = class_dev_iter_next(&iter)) { ... }; // Also dereference these wild pointers here. class_dev_iter_exit(&iter); Actually, all callers of these APIs have such usage pattern in kernel tree. Fix by: - Initialize output parameter @iter by memset() in class_dev_iter_init() and give callers prompt by pr_crit() for the error. - Check if @iter is valid in class_dev_iter_next().

VendorProductVersions

Linux

Linux

affected
7b884b7f24b42fa25e92ed724ad82f137610afaf - < f4b9bc823b0cfdebfed479c0e87d6939c7562e87
affected
7b884b7f24b42fa25e92ed724ad82f137610afaf - < 1614e75d1a1b63db6421c7a4bf37004720c7376c
affected
7b884b7f24b42fa25e92ed724ad82f137610afaf - < 5c504e9767b947cf7d4e29b811c0c8b3c53242b7
affected
7b884b7f24b42fa25e92ed724ad82f137610afaf - < e128f82f7006991c99a58114f70ef61e937b1ac1

Linux

Linux

affected
6.4
unaffected
0 - < 6.4
unaffected
6.6.76 - <= 6.6.*
unaffected
6.12.13 - <= 6.12.*
unaffected
6.13.2 - <= 6.13.*

+1 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now