{
  "threat_severity" : "Low",
  "public_date" : "2025-04-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer",
    "id" : "2356664",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2356664"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: hyperv_fb: Allow graceful removal of framebuffer\nWhen a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to\nrelease the framebuffer forcefully. If this framebuffer is in use it\nproduce the following WARN and hence this framebuffer is never released.\n[   44.111220] WARNING: CPU: 35 PID: 1882 at drivers/video/fbdev/core/fb_info.c:70 framebuffer_release+0x2c/0x40\n< snip >\n[   44.111289] Call Trace:\n[   44.111290]  <TASK>\n[   44.111291]  ? show_regs+0x6c/0x80\n[   44.111295]  ? __warn+0x8d/0x150\n[   44.111298]  ? framebuffer_release+0x2c/0x40\n[   44.111300]  ? report_bug+0x182/0x1b0\n[   44.111303]  ? handle_bug+0x6e/0xb0\n[   44.111306]  ? exc_invalid_op+0x18/0x80\n[   44.111308]  ? asm_exc_invalid_op+0x1b/0x20\n[   44.111311]  ? framebuffer_release+0x2c/0x40\n[   44.111313]  ? hvfb_remove+0x86/0xa0 [hyperv_fb]\n[   44.111315]  vmbus_remove+0x24/0x40 [hv_vmbus]\n[   44.111323]  device_remove+0x40/0x80\n[   44.111325]  device_release_driver_internal+0x20b/0x270\n[   44.111327]  ? bus_find_device+0xb3/0xf0\nFix this by moving the release of framebuffer and assosiated memory\nto fb_ops.fb_destroy function, so that framebuffer framework handles\nit gracefully.\nWhile we fix this, also replace manual registrations/unregistration of\nframebuffer with devm_register_framebuffer." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20095",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.8.1.el10_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-21976\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21976\nhttps://lore.kernel.org/linux-cve-announce/2025040147-CVE-2025-21976-340d@gregkh/T" ],
  "name" : "CVE-2025-21976",
  "csaw" : false
}