VYPR
Medium severity (CVSS 5.5) · NVD Advisory · Published Feb 27, 2025 · Updated May 12, 2026

CVE-2025-21745


Description

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Fix class @block_class's subsystem refcount leakage

blkcg_fill_root_iostats() iterates over @block_class's devices with class_dev_iter_(init|next)(), but does not end the iteration with class_dev_iter_exit(), so it causes the class's subsystem refcount leakage.

Fix by ending the iteration with class_dev_iter_exit().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing class_dev_iter_exit() call in blk-cgroup leaks a reference on the class's subsystem; a local user who can trigger the affected code path can use the leak to degrade system stability.

Vulnerability

In the Linux kernel, the function blkcg_fill_root_iostats() iterates over the devices in @block_class using class_dev_iter_init() and class_dev_iter_next(), but fails to call class_dev_iter_exit() after the iteration completes. Each call therefore leaves the reference that class_dev_iter_init() took on the class's subsystem unreleased; the leaked references pin kernel objects that can never be freed, which over time can degrade kernel memory management and potentially lead to resource exhaustion or instability [1][2].
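The paired-iterator discipline described above, as an added userspace model that is not kernel code and not part of this advisory: a constructed subsystem with a refcount, a constructed device table, and init/next/exit helpers that mirror the roles of class_dev_iter_init(), class_dev_iter_next() and class_dev_iter_exit(). The leaky routine reproduces the reported omission, the fixed routine shows the pairing, and refcount_drift() is the kind of check a reviewer or test can apply to catch the leak.

```c
/* Constructed model of the class_dev_iter pattern behind CVE-2025-21745.
 * Not kernel code: names and the refcount are illustrative stand-ins for
 * the class's subsystem (kset) and the block_class device list. */
#include <stddef.h>

struct subsys { int refcount; };                 /* stands in for the class's subsystem */
struct device { const char *name; long ios; };   /* stands in for a block device */
static struct subsys block_subsys = { .refcount = 1 };
static struct device block_devs[] = { { "sda", 10 }, { "sdb", 20 }, { "nvme0n1", 30 } };
#define NDEVS (sizeof(block_devs) / sizeof(block_devs[0]))
struct dev_iter { struct subsys *ss; size_t pos; };

/* Like class_dev_iter_init(): pins the subsystem so it cannot vanish mid-walk. */
static void dev_iter_init(struct dev_iter *it, struct subsys *ss) {
    ss->refcount++; it->ss = ss; it->pos = 0;
}
static struct device *dev_iter_next(struct dev_iter *it) {
    return it->pos < NDEVS ? &block_devs[it->pos++] : NULL;
}
/* Like class_dev_iter_exit(): drops the reference taken by init. */
static void dev_iter_exit(struct dev_iter *it) { it->ss->refcount--; }

/* Buggy pattern from the advisory: sums the stats but never calls exit. */
long fill_iostats_leaky(void) {
    struct dev_iter it; struct device *d; long total = 0;
    dev_iter_init(&it, &block_subsys);
    while ((d = dev_iter_next(&it)) != NULL) total += d->ios;
    return total;                                /* the init reference is never released */
}

/* Fixed pattern: every init is paired with exit before returning. */
long fill_iostats_fixed(void) {
    struct dev_iter it; struct device *d; long total = 0;
    dev_iter_init(&it, &block_subsys);
    while ((d = dev_iter_next(&it)) != NULL) total += d->ios;
    dev_iter_exit(&it);
    return total;
}

/* Leak check: call a routine N times and report how far the subsystem
 * refcount drifted from its starting value (0 means balanced get/put). */
int refcount_drift(long (*fn)(void), int calls) {
    int before = block_subsys.refcount;
    for (int i = 0; i < calls; i++) fn();
    return block_subsys.refcount - before;
}
```

With five calls, the fixed routine reports a drift of 0 while the leaky one reports 5, one leaked reference per call.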

Exploitation

An attacker with local access who can trigger I/O statistics collection can exercise this code path repeatedly. No privileges beyond normal user access are required to cause the leak, but the vulnerability is not remotely exploitable and demands local presence on a system running an affected kernel version [3][4].

Impact

The primary impact is a slow depletion of kernel memory due to the unreleased subsystem reference, which may eventually lead to system slowdowns or denial-of-service conditions. The CVSS v3 base score of 5.5 (Medium) reflects this local availability impact. No privilege escalation or data confidentiality breach is associated with this bug.

Mitigation

The fix was committed to the Linux kernel stable tree and is included in versions that cherry-pick the patch referenced by commits ffb494f1e7a0 and 67c7f213e052 [3][4]. Users should update to a kernel containing this patch or contact their vendor for appropriate backports. Siemens has also released security advisories (SSA-082556 and SSA-265688) that list affected products and recommended updates [1][2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 138

Patches: 0 (no patches discovered yet)


References: 11
