CVE-2025-21745
Description
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), so causes the class's subsystem refcount leakage. Fix by ending the iterating with class_dev_iter_exit().
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 6.1.129-1 |
| debian | bullseye | fixed | 5.10.237-1 |
| debian | forky | fixed | 6.12.15-1 |
| debian | sid | fixed | 6.12.15-1 |
| debian | trixie | fixed | 6.12.15-1 |
| linux-kernel | affected | 6.1.129 | |
| almalinux | 9 | fixed | kernel-doc-5.14.0-611.5.1.el9_7.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2025:20518
- https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876
- https://git.kernel.org/stable/c/38287f779b34dfe959b4b681e909f2d3d52b88be
- https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0
- https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126
- https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309
- https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e
- https://git.kernel.org/stable/c/ffb494f1e7a047bd7a41b13796fcfb08fe5beafb
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://www.suse.com/security/cve/CVE-2025-21745.html
- https://errata.rockylinux.org/RLSA-2025:20518
- https://security-tracker.debian.org/tracker/CVE-2025-21745
- https://bugzilla.redhat.com/2298169
- https://bugzilla.redhat.com/2312077
- https://bugzilla.redhat.com/2313092
- https://bugzilla.redhat.com/2320172
- https://bugzilla.redhat.com/2320259
- https://bugzilla.redhat.com/2320455
- https://bugzilla.redhat.com/2320616
- https://bugzilla.redhat.com/2320722
- https://bugzilla.redhat.com/2324549
- https://bugzilla.redhat.com/2327203
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.