
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a vulnerability was discovered related to potential wild pointer dereferences in the class_dev_iter APIs (class_dev_iter_init, class_dev_iter_next, and class_dev_iter_exit). The issue was identified and fixed in February 2025 (Kernel Git).
The vulnerability stems from uninitialized members in the class_dev_iter structure. class_dev_iter_init() checks its class parameter for a class_to_subsys() error, but when that check fails it returns without initializing its output parameter iter, and because its return type is void, callers cannot detect the failure. They may then go on to invoke class_dev_iter_next() with an iter that contains wild pointers. The issue affects all callers of these APIs in the kernel tree (Kernel Git).
When exploited, this vulnerability could lead to wild pointer dereferences in the Linux kernel, potentially causing system crashes or denial of service conditions. The issue affects the kernel's device class iteration functionality, which is a core part of the driver subsystem (Kernel Git).
The issue has been fixed with two key changes: 1) class_dev_iter_init() now initializes the output parameter iter using memset() and reports the error to callers via pr_crit(), and 2) class_dev_iter_next() now checks that iter is valid before proceeding (Kernel Git).
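The pattern described above, reduced to a userspace model as an added example (not the kernel's code): a void init function that leaves its output parameter untouched on failure, next to the two-part fix. All type and function names are hypothetical stand-ins, and fprintf() stands in for pr_crit().

```c
#include <stdio.h>
#include <string.h>
/* Userspace model: every name is a hypothetical stand-in, not kernel code. */
struct subsys { const int *devs; size_t n; };        /* a class's registered devices */
struct klass { struct subsys *sp; };                 /* sp == NULL: not registered */
struct dev_iter { struct subsys *sp; size_t pos; };  /* caller-owned output parameter */
static struct subsys *to_subsys(const struct klass *c) { return c ? c->sp : NULL; }
/* Before: a failed lookup returns without writing *it, and void hides the error. */
static void iter_init_unfixed(struct dev_iter *it, const struct klass *c)
{
    if (!to_subsys(c))
        return;              /* it->sp keeps whatever bytes the caller's memory held */
    it->sp = to_subsys(c);
    it->pos = 0;
}
/* After, part 1: zero the iterator before the check and log the failure. */
static void iter_init_fixed(struct dev_iter *it, const struct klass *c)
{
    memset(it, 0, sizeof(*it));
    if (!to_subsys(c)) {
        fprintf(stderr, "%s: class %p is not registered\n", __func__, (const void *)c);
        return;
    }
    it->sp = to_subsys(c);
}
/* After, part 2: refuse to walk an iterator whose init failed. */
static const int *iter_next(struct dev_iter *it)
{
    if (!it->sp || it->pos >= it->sp->n)
        return NULL;
    return &it->sp->devs[it->pos++];
}
/* Usual caller pattern: init, then loop on next. Returns devices visited. */
static size_t count_devices(const struct klass *c)
{
    struct dev_iter it;
    size_t n = 0;
    iter_init_fixed(&it, c);
    while (iter_next(&it)) n++;
    return n;
}
int main(void)
{
    struct klass unregistered = { NULL };
    struct dev_iter it;
    memset(&it, 0xAA, sizeof(it));          /* constructed stand-in for stale stack bytes */
    iter_init_unfixed(&it, &unregistered);  /* returns with those bytes still in place */
    printf("unfixed sp=%p, fixed visited=%zu\n", (void *)it.sp, count_devices(&unregistered));
    return 0;
}
```

The model never calls iter_next() on the unfixed iterator, since that call is the wild dereference; the check in iter_next() is only reliable because the fixed init zeroes iter first.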
Source: This report was generated using AI