cve 2025 21934
About this tag
CVE-2025-21934 is a high-severity use-after-free vulnerability in the Linux kernel's RapidIO subsystem. The flaw occurs when a failure in device_register() leaves a RapidIO port structure pointing to freed memory, creating a use-after-free condition that can lead to system instability, memory corruption, and potential denial of service. The upstream patch replaces an incorrect kfree() with the proper put_device() call and explicitly nulls the mport->net pointer to close the gap. This tag covers discussions about the vulnerability, its impact on affected Linux systems, and the patch that resolves it.
The RapidIO networking patch recorded as CVE-2025-21934 fixes a small but consequential memory-management mistake in the Linux kernel that, under certain failure conditions, could leave a RapidIO port structure pointing at freed memory — a classic use-after-free that translates into a...