CVE-2025-21915
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2025-21915 is a vulnerability affecting the Linux kernel that involves a potential Use-After-Free (UAF) error in the driver_override_show() function of the cdx driver located in drivers/cdx/cdx.c. This issue occurs when the function attempts to read the driver_override value without proper locking, allowing it to access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, posing a security risk. A similar pattern is found in drivers/amba/bus.c and other bus drivers. This potential vulnerability was identified through an experimental static analysis tool designed to detect locking API misuses and atomicity violations.
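The show/store pattern described in the summary, as an added example: a userspace C model, not the kernel source or the upstream patch. The struct, the function names and the pthread mutex (standing in for the kernel-side lock that serializes the two sysfs handlers) are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed userspace model; the mutex stands in for the kernel-side lock. */
struct model_dev {
    pthread_mutex_t lock;
    char *driver_override;   /* heap string, replaced by store() */
};

/* store(): free the old string and install a copy of val, under the lock. */
int override_store(struct model_dev *d, const char *val)
{
    size_t n = strlen(val) + 1;
    char *fresh = malloc(n);

    if (!fresh)
        return -1;
    memcpy(fresh, val, n);
    pthread_mutex_lock(&d->lock);
    free(d->driver_override);
    d->driver_override = fresh;
    pthread_mutex_unlock(&d->lock);
    return 0;
}

/* Pattern described in the summary: the pointer is read with no lock, so a
 * concurrent store() can free the string before snprintf() finishes with it.
 * Only safe when nothing else can call store() at the same time. */
int override_show_unlocked(struct model_dev *d, char *buf, size_t n)
{
    return snprintf(buf, n, "%s\n", d->driver_override ? d->driver_override : "");
}

/* Serialized form: store() cannot free the string while it is being copied. */
int override_show_locked(struct model_dev *d, char *buf, size_t n)
{
    int len;

    pthread_mutex_lock(&d->lock);
    len = snprintf(buf, n, "%s\n", d->driver_override ? d->driver_override : "");
    pthread_mutex_unlock(&d->lock);
    return len;
}
```

The only difference between the two readers is that the locked one holds the same lock store() takes around its free-and-replace, which is what closes the window the summary describes.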