Description

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calling device_add() without waiting for other kernel parts to release their references. Thus, a reference could still be held to a struct device, e.g., by sysfs, leading to potential use-after-free issues if a proper release function is not set.

INFO

Published Date :

2025-03-12T09:42:09.929Z

Last Modified :

2025-10-01T19:26:38.355Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21856 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21856.

URL Resource
https://git.kernel.org/stable/c/0505ff2936f166405d81d0d454a81d9c14124344 cve-icon cve-icon
https://git.kernel.org/stable/c/915e34d5ad35a6a9e56113f852ade4a730fb88f0 cve-icon cve-icon
https://git.kernel.org/stable/c/940d15254d2216b585558bcf36312da50074e711 cve-icon cve-icon
https://git.kernel.org/stable/c/e26e8ac27351f457091459a0a355bacd06d5bb2b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025031215-CVE-2025-21856-8865@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21856 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21856 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact