CVE-2025-21810 Affecting reiserfs-kmp-default package, versions <6.4.0-150600.23.47.2
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES156-REISERFSKMPDEFAULT-9683486
- published10 Apr 2025
- disclosed9 Apr 2025
Introduced: 9 Apr 2025
NewCVE-2025-21810 (opens in a new tab)How to fix?
Upgrade SLES:15.6 reiserfs-kmp-default to version 6.4.0-150600.23.47.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream reiserfs-kmp-default package and not the reiserfs-kmp-default package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()
There are a potential wild pointer dereferences issue regarding APIs class_dev_iter_(init|next|exit)(), as explained by below typical usage:
// All members of @iter are wild pointers. struct class_dev_iter iter;
// class_dev_iter_init(@iter, @class, ...) checks parameter @class for // potential class_to_subsys() error, and it returns void type and does // not initialize its output parameter @iter, so caller can not detect // the error and continues to invoke class_dev_iter_next(@iter) even if // @iter still contains wild pointers. class_dev_iter_init(&iter, ...);
// Dereference these wild pointers in @iter here once suffer the error. while (dev = class_dev_iter_next(&iter)) { ... };
// Also dereference these wild pointers here. class_dev_iter_exit(&iter);
Actually, all callers of these APIs have such usage pattern in kernel tree. Fix by:
- Initialize output parameter @iter by memset() in class_dev_iter_init() and give callers prompt by pr_crit() for the error.
- Check if @iter is valid in class_dev_iter_next().
References
- https://www.suse.com/security/cve/CVE-2025-21810.html
- https://bugzilla.suse.com/1238757
- https://git.kernel.org/stable/c/1614e75d1a1b63db6421c7a4bf37004720c7376c
- https://git.kernel.org/stable/c/5c504e9767b947cf7d4e29b811c0c8b3c53242b7
- https://git.kernel.org/stable/c/e128f82f7006991c99a58114f70ef61e937b1ac1
- https://git.kernel.org/stable/c/f4b9bc823b0cfdebfed479c0e87d6939c7562e87