Memory Leak Vulnerability in Linux Kernel ICE Driver
CVE-2025-21981

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-21981?

A vulnerability in the Linux kernel's ICE driver was identified involving a failure to properly manage memory during the aRFS (accelerated Receive Flow Steering) processes. In scenarios where VSI (Virtual Station Interface) reconfiguration occurs post-reset, the system allocates memory for aRFS structures without releasing previously allocated resources. This oversight results in unreferenced memory objects that accumulate over time, ultimately leading to performance degradation and potential instability. The issue has been addressed to prevent future leaks.

Affected Version(s)

Linux 28bf26724fdb0e02267d19e280d6717ee810a10d

References

https://git.kernel.org/stable/c/ef2bc94059836a115430a6ad9...

https://git.kernel.org/stable/c/e6902101f34f098af59b0d1d8...

https://git.kernel.org/stable/c/fcbacc47d16306c87ad1b820b...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Dec 29, 2024

JSON