{"id":"CVE-2025-21856","summary":"s390/ism: add release function for struct device","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.","modified":"2026-04-16T04:39:17.757934861Z","published":"2025-03-12T09:42:09.929Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21856.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0505ff2936f166405d81d0d454a81d9c14124344"},{"type":"WEB","url":"https://git.kernel.org/stable/c/915e34d5ad35a6a9e56113f852ade4a730fb88f0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/940d15254d2216b585558bcf36312da50074e711"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e26e8ac27351f457091459a0a355bacd06d5bb2b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21856.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21856"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8c81ba20349daf9f7e58bb05a0c12f4b71813a30"},{"fixed":"940d15254d2216b585558bcf36312da50074e711"},{"fixed":"0505ff2936f166405d81d0d454a81d9c14124344"},{"fixed":"e26e8ac27351f457091459a0a355bacd06d5bb2b"},{"fixed":"915e34d5ad35a6a9e56113f852ade4a730fb88f0"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}