CVE-2025-21833

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the pasid. In case it nevertheless happens we must avoid using a NULL pointer.

Published: Mar 6, 2025
Updated: May 4, 2025
CVE: CVE-2025-21833
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	6.13.3

https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b
https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d

Vulnerability Database

CVE-2025-21833