cve/published/2025/CVE-2025-21745.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-21745: blk-cgroup: Fix class @block_class's subsystem refcount leakage

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 blk-cgroup: Fix class @block_class's subsystem refcount leakage

 blkcg_fill_root_iostats() iterates over @block_class's devices by
 class_dev_iter_(init|next)(), but does not end iterating with
 class_dev_iter_exit(), so causes the class's subsystem refcount leakage.

 Fix by ending the iterating with class_dev_iter_exit().

 The Linux kernel CVE team has assigned CVE-2025-21745 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 5.10.235 with commit ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 5.15.179 with commit 38287f779b34dfe959b4b681e909f2d3d52b88be
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.1.129 with commit 431b6ef2714be4d5babb802114987541a88b43b0
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.6.78 with commit 993121481b5a87829f1e8163f47158b72679f309
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.12.14 with commit 2ce09aabe009453d641a2ceb79e6461a2d4f3876
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.13.3 with commit 67c7f213e052b1aa6caba4a7e25e303bc6997126
 	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.14 with commit d1248436cbef1f924c04255367ff4845ccd9025e

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-21745
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	block/blk-cgroup.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
 	https://git.kernel.org/stable/c/38287f779b34dfe959b4b681e909f2d3d52b88be
 	https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0
 	https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309
 	https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876
 	https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126
 	https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-21745: blk-cgroup: Fix class @block_class's subsystem refcount leakage

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	blk-cgroup: Fix class @block_class's subsystem refcount leakage

	blkcg_fill_root_iostats() iterates over @block_class's devices by
	class_dev_iter_(init\|next)(), but does not end iterating with
	class_dev_iter_exit(), so causes the class's subsystem refcount leakage.

	Fix by ending the iterating with class_dev_iter_exit().

	The Linux kernel CVE team has assigned CVE-2025-21745 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 5.10.235 with commit ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 5.15.179 with commit 38287f779b34dfe959b4b681e909f2d3d52b88be
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.1.129 with commit 431b6ef2714be4d5babb802114987541a88b43b0
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.6.78 with commit 993121481b5a87829f1e8163f47158b72679f309
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.12.14 with commit 2ce09aabe009453d641a2ceb79e6461a2d4f3876
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.13.3 with commit 67c7f213e052b1aa6caba4a7e25e303bc6997126
	Issue introduced in 5.9 with commit ef45fe470e1e5410db4af87abc5d5055427945ac and fixed in 6.14 with commit d1248436cbef1f924c04255367ff4845ccd9025e

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21745
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	block/blk-cgroup.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
	https://git.kernel.org/stable/c/38287f779b34dfe959b4b681e909f2d3d52b88be
	https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0
	https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309
	https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876
	https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126
	https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e