CVE-2025-21978 | drm/hyperv: Fix address space leak when Hyper-V DRM device is removed

In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.

Published: 2025-04-01 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2025-21978

EPSS CVSS CWE Affected OS Tracker

Conclusion & alert: CVE-2025-21978 is rated Low Risk (23.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.15%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-21978

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.03%	0.15%	+0.13%
2	2026-05-10	0.09%	0.03%	-0.07%
3	2026-01-26	—	0.09%	—

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-21978

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Weakness enumeration for CVE-2025-21978

CWE-401 MITRE ↗

OS Trackers for CVE-2025-21978

vendor	priority	summary	link
`debian`	unimportant	CVE-2025-21978 unimportant priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2025-21978
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2025-21978
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2025-21978/
`ubuntu`	medium	CVE-2025-21978 medium priority: Ubuntu including 150 source packages (linux, linux-allwinner-5.19, …), 1487 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1097, ignored 150, released 130, not-affected 110.	https://ubuntu.com/security/CVE-2025-21978

Affected software / configurations for CVE-2025-21978

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 6.0, < 6.1.132	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.6.84	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.7, < 6.12.20	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.13.8	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
linux	linux_kernel	6.14	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::

References for CVE-2025-21978

URL	Tags
https://git.kernel.org/stable/c/158242b56bf465a73e1edeac0fe828a8acad4499	Patch
https://git.kernel.org/stable/c/24f1bbfb2be77dad82489c1468bbb14312aab129	Patch
https://git.kernel.org/stable/c/ad27b4a51495490b815580d9b935e8eee14d1a9c	Patch
https://git.kernel.org/stable/c/aed709355fd05ef747e1af24a1d5d78cd7feb81e	Patch
https://git.kernel.org/stable/c/c40cd24bfb9bfbb315c118ca14ebe6cf52e2dd1e	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

cvelogic Threat Intelligence