
CVE-2025-21745: Vulnerability in the Linux kernel

Severity: Medium
Tags: Vulnerability, CVE-2025-21745, cve
Published: Thu Feb 27 2025 (02/27/2025, 02:12:17 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Fix class @block_class's subsystem refcount leakage

blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exit(), and so causes the class's subsystem refcount leakage. Fix by ending the iteration with class_dev_iter_exit().

AI-Powered Analysis

Last updated: 06/30/2025, 08:42:36 UTC

Technical Analysis

CVE-2025-21745 is a reference-count leak in the Linux kernel's block control group (blk-cgroup) code. The function blkcg_fill_root_iostats(), which runs when the root cgroup's io.stat file is read, walks the devices registered under block_class using class_dev_iter_init() and class_dev_iter_next(). class_dev_iter_init() takes a reference on the class's subsystem object for the lifetime of the iteration, and class_dev_iter_exit() is the paired call that drops it. blkcg_fill_root_iostats() never called class_dev_iter_exit(), so every walk left the subsystem reference count one higher than before. The fix adds the missing class_dev_iter_exit() call at the end of the loop. The bug is not a memory-corruption issue: block_class is never unregistered on a running system, so the leaked references do not lead to a use-after-free; the effect is a counter that drifts upward by one per read of io.stat. The CVE record marks the start of the affected range with commit ef45fe470e1e5410db4af87abc5d5055427945ac, which in the Linux CNA's convention is the commit that introduced the affected code, not the fix; kernels from that commit onward are in scope until the fix is applied. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned.
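The init/exit pairing described above, reduced to a userland model so it can be compiled and run outside the kernel. This is an added illustration, not the kernel's own code: struct subsys_model stands in for the driver core's class subsystem object and its kobject reference count, iter_init()/iter_next()/iter_exit() stand in for class_dev_iter_init()/class_dev_iter_next()/class_dev_iter_exit(), and the device names are constructed sample data. walk_block_class() mirrors the shape of blkcg_fill_root_iostats(): with fixed == 0 it skips the exit call as the unpatched kernel did, and refcount_drift() measures how far the count moves after a given number of simulated io.stat reads.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_DEVICES 4

/* Assumed stand-in for the class's subsystem object (subsys_private in the
 * real driver core); refcount models the kobject kref it carries. */
struct subsys_model {
    const char *name;
    unsigned long refcount;
    const char *devices[MAX_DEVICES]; /* devices registered under the class */
    size_t ndev;
};

/* Assumed stand-in for struct class_dev_iter: holds the subsystem
 * reference taken at init time until exit drops it. */
struct iter_model {
    struct subsys_model *sp;
    size_t pos;
};

static void subsys_get(struct subsys_model *sp) { sp->refcount++; }
static void subsys_put(struct subsys_model *sp) { sp->refcount--; }

/* Models class_dev_iter_init(): takes a reference before iterating. */
static void iter_init(struct iter_model *it, struct subsys_model *sp)
{
    subsys_get(sp);
    it->sp = sp;
    it->pos = 0;
}

/* Models class_dev_iter_next(): returns the next device, or NULL when done. */
static const char *iter_next(struct iter_model *it)
{
    if (it->pos >= it->sp->ndev)
        return NULL;
    return it->sp->devices[it->pos++];
}

/* Models class_dev_iter_exit(): drops the reference taken in iter_init(). */
static void iter_exit(struct iter_model *it)
{
    subsys_put(it->sp);
    it->sp = NULL;
}

/* Constructed sample block class with three devices; names are made up. */
static void init_block_class(struct subsys_model *sp)
{
    sp->name = "block";
    sp->refcount = 1; /* the class's own long-lived reference */
    sp->devices[0] = "sda";
    sp->devices[1] = "nvme0n1";
    sp->devices[2] = "vda";
    sp->ndev = 3;
}

/* Shape of blkcg_fill_root_iostats(): init, walk every device, and (only
 * in the fixed variant) exit. Returns the number of devices visited, which
 * is the same either way; the bug is invisible in the loop's own result. */
static size_t walk_block_class(struct subsys_model *sp, int fixed)
{
    struct iter_model it;
    size_t seen = 0;

    iter_init(&it, sp);
    while (iter_next(&it) != NULL)
        seen++;
    if (fixed)
        iter_exit(&it);
    return seen;
}

/* Simulates `reads` reads of the root cgroup's io.stat and returns how far
 * the subsystem refcount drifted from its starting value. */
long refcount_drift(int fixed, int reads)
{
    struct subsys_model sp;
    unsigned long before;

    init_block_class(&sp);
    before = sp.refcount;
    for (int i = 0; i < reads; i++)
        walk_block_class(&sp, fixed);
    return (long)(sp.refcount - before);
}

/* Devices visited by a single walk, to show the walk itself is unaffected. */
size_t devices_seen(int fixed)
{
    struct subsys_model sp;

    init_block_class(&sp);
    return walk_block_class(&sp, fixed);
}

int main(void)
{
    printf("unpatched: %ld leaked references after 1000 io.stat reads\n",
           refcount_drift(0, 1000));
    printf("patched:   %ld leaked references after 1000 io.stat reads\n",
           refcount_drift(1, 1000));
    return 0;
}
```

The point the model makes is that the walk returns the right device list in both variants, so nothing in the caller's output reveals the leak; only the reference count on the subsystem object, which no normal code path inspects, records it. That is why a missing exit call in an init/next/exit iterator survives review and testing and is typically found by reading the API contract rather than by observing a failure.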

Potential Impact

For European organizations, the impact of CVE-2025-21745 is confined to availability and is modest. The leak is triggered by reading the root cgroup's io.stat, which monitoring agents, container runtimes and orchestration tooling poll routinely on servers, cloud hosts and container platforms, so on such systems the subsystem reference count grows steadily over the life of the kernel. Because block_class is never torn down on a running system, the leaked references do not free memory early or corrupt anything; the realistic outcomes are a counter that keeps climbing and, on kernels whose kobject references are refcount_t-backed, a saturation warning in the kernel log rather than a wrap to zero. Confidentiality and integrity are not affected, and the issue does not give a local user any capability beyond making the counter rise faster by reading the file repeatedly. Systems running kernels in the affected range without the fix are exposed; with no known exploit and no direct memory-safety consequence, the threat is currently low. Organizations with large Linux fleets, including cloud providers, financial institutions and public sector entities, should fold the fix into their normal kernel update cycle rather than treat it as an emergency.

Mitigation Recommendations

To mitigate CVE-2025-21745, apply the Linux kernel update that adds the missing class_dev_iter_exit() call in blkcg_fill_root_iostats(). System administrators should:

1) Identify all Linux systems whose kernel falls in the affected range, especially those that use block control groups for I/O management. The CVE record marks the start of that range with commit ef45fe470e1e5410db4af87abc5d5055427945ac (the commit that introduced the affected code, not the fix), so compare the running kernel version (uname -r) against the fixed versions named in your distribution's advisory or in the stable kernel release notes.

2) Schedule and perform kernel updates to a release that contains the fix, and reboot into the new kernel; a kernel fix takes effect only once the patched kernel is running, unless live patching is in use.

3) Monitor kernel logs for refcount warnings and watch for the gradual resource drift described above, which would indicate a long-running unpatched host that reads io.stat frequently.

4) Where immediate patching is not possible, note that the leak is triggered by reading the root cgroup's io.stat: reducing how often monitoring agents and tooling poll that file slows the drift, although only the kernel update removes it. Isolating affected systems is not required, since the bug gives no cross-host or privilege-escalation capability.

5) Maintain robust backup and recovery procedures to minimize downtime in case of system instability.

6) Stay informed through Linux kernel security advisories and community channels for any emerging exploit information or additional mitigations.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-12-29T08:45:45.757Z
Cisa Enriched
false
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9832c4522896dcbe867e

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 8:42:36 AM

Last updated: 8/17/2025, 10:19:25 AM

Views: 15
