{"id":"CVE-2025-21981","summary":"ice: fix memory leak in aRFS after reset","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n  comm \"kworker/0:0\", pid 8, jiffies 4296833052\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 0):\n    [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n    [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n    [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n    [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n    [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n    [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n    [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n    [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n    [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n    [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n    [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n    [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n    [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n    ...","modified":"2026-04-16T00:04:55.545535280Z","published":"2025-04-01T15:47:09.744Z","related":["SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21981.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/23d97f18901ef5e4e264e3b1777fe65c760186b5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3b27e6e10a32589fcd293b8933ab6de9387a460e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5d30d256661fc11b6e73fac6c3783a702e1006a3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78f3d64b30210c0e521c59357431aca14024cb79"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e6902101f34f098af59b0d1d8cf90c4124c02c6a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef2bc94059836a115430a6ad9d2838b0b34dc8f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcbacc47d16306c87ad1b820b7a575f6e9eae58b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21981.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21981"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"28bf26724fdb0e02267d19e280d6717ee810a10d"},{"fixed":"ef2bc94059836a115430a6ad9d2838b0b34dc8f5"},{"fixed":"e6902101f34f098af59b0d1d8cf90c4124c02c6a"},{"fixed":"fcbacc47d16306c87ad1b820b7a575f6e9eae58b"},{"fixed":"5d30d256661fc11b6e73fac6c3783a702e1006a3"},{"fixed":"3b27e6e10a32589fcd293b8933ab6de9387a460e"},{"fixed":"78f3d64b30210c0e521c59357431aca14024cb79"},{"fixed":"23d97f18901ef5e4e264e3b1777fe65c760186b5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21981.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}