CVE-2025-21882

EPSS 0.02%
Veröffentlicht 27.03.2025 14:57:10
Zuletzt bearbeitet 29.10.2025 16:56:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net/mlx5: Fix vport QoS cleanup on error

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix vport QoS cleanup on error

When enabling vport QoS fails, the scheduling node was never freed,
causing a leak.

Add the missing free and reset the vport scheduling node pointer to
NULL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 5 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.6

Linux ≫ Linux Kernel Version6.14 Updaterc1

Linux ≫ Linux Kernel Version6.14 Updaterc2

Linux ≫ Linux Kernel Version6.14 Updaterc3

Linux ≫ Linux Kernel Version6.14 Updaterc4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/fead368502bce0e10bea7c0d2895b2fa0c6c10aa

Patch

https://git.kernel.org/stable/c/7f3528f7d2f98b70e19a6bb7b130fc82c079ac54

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21882

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21882

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21882

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-21882