CVE-2025-21978: Vulnerability in the Linux Kernel
In the Linux kernel, the following vulnerability has been resolved:

drm/hyperv: Fix address space leak when Hyper-V DRM device is removed

When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device is removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing.
AI Analysis
Technical Summary
CVE-2025-21978 is a vulnerability identified in the Linux kernel's drm/hyperv driver, which handles the Hyper-V Direct Rendering Manager (DRM) device. The issue arises during the probing and removal of the Hyper-V DRM device. When the device is probed, the driver allocates memory-mapped I/O (MMIO) space for the video RAM (vram) and maps it as cacheable in the kernel address space. However, if the device is removed or an error occurs during probing, the MMIO space is released but the corresponding unmapping of the kernel address space is not performed. This results in a kernel address space leak, where the mapped memory remains reserved and inaccessible, potentially leading to resource exhaustion or degraded system performance over time. The fix involves adding calls to iounmap() in both the device removal path and the error path during device probing to ensure that the MMIO space is properly unmapped and released. This vulnerability is specific to Linux kernels running on Hyper-V virtualized environments where the Hyper-V DRM device is present. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
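The leak pattern described above, as an added userspace model (not the kernel driver's code): the `model_*` functions and counters are hypothetical stand-ins for the MMIO allocation and the ioremap/iounmap pair, and `fixed` switches between the behaviour before and after the patch.

```c
#include <stddef.h>

/* Userspace model (assumption): counters stand in for kernel resources. */
static int mmio_regions, mappings;
static char fake_vram[4096];
static void *model_ioremap(void) { mappings++; return fake_vram; }
static void model_iounmap(void *p) { if (p) mappings--; }
struct model_dev { void *vram; };

/* Probe: allocate MMIO space, map it, then run a later step that may fail.
 * fixed == 0 models the pre-patch behaviour the advisory describes. */
static int model_probe(struct model_dev *d, int fixed, int later_step_fails)
{
    mmio_regions++;                 /* allocate MMIO space for vram */
    d->vram = model_ioremap();      /* map it into kernel address space */
    if (!later_step_fails)
        return 0;
    if (fixed) {                    /* error path: unmap before release */
        model_iounmap(d->vram);
        d->vram = NULL;
    }
    mmio_regions--;                 /* MMIO space is released either way */
    return -1;
}

static void model_remove(struct model_dev *d, int fixed)
{
    if (fixed) {                    /* removal path: unmap before release */
        model_iounmap(d->vram);
        d->vram = NULL;
    }
    mmio_regions--;
}

/* n probe/remove cycles plus n failed probes; returns mappings still live. */
static int leaked_after_cycles(int fixed, int n)
{
    struct model_dev d = { NULL };
    mappings = mmio_regions = 0;
    for (int i = 0; i < n; i++) {
        model_probe(&d, fixed, 0);
        model_remove(&d, fixed);
        model_probe(&d, fixed, 1);
    }
    return mappings;
}

/* Exit status is non-zero if the fixed variant still leaks a mapping. */
int main(void) { return leaked_after_cycles(1, 5) != 0; }
```

In the unfixed variant the MMIO region counter returns to zero while the mapping counter keeps growing, which is why the leak is not visible from the resource release alone.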
Potential Impact
For European organizations, the impact of CVE-2025-21978 primarily concerns systems running Linux kernels on Microsoft Hyper-V virtualization platforms, which are common in enterprise data centers and cloud environments. The kernel address space leak can lead to gradual resource depletion, potentially causing system instability, degraded performance, or denial of service conditions if the leak accumulates over time. This can affect critical infrastructure, virtualized workloads, and services relying on Hyper-V-based Linux virtual machines. While the vulnerability does not directly allow privilege escalation or remote code execution, the indirect impact on availability and system reliability can disrupt business operations, especially in environments with high VM churn or frequent device probing/removal. European organizations with large-scale virtualized environments or those using Hyper-V for Linux workloads should be aware of this vulnerability to prevent potential operational disruptions.
Mitigation Recommendations
To mitigate CVE-2025-21978, European organizations should:
1) Apply the official Linux kernel patches that include the iounmap() fixes for the drm/hyperv driver as soon as they become available from trusted Linux distributions or kernel maintainers.
2) Monitor and audit virtual machine lifecycle operations on Hyper-V hosts to identify frequent device probing or removal events that could exacerbate the leak.
3) Implement proactive system monitoring to detect abnormal kernel memory usage or address space exhaustion symptoms.
4) Where possible, limit the use of Hyper-V DRM devices in Linux VMs if not required, or isolate affected VMs to reduce risk exposure.
5) Coordinate with virtualization platform administrators to ensure that Hyper-V host and guest integration components are up to date and consistent with security best practices.
6) Maintain robust backup and recovery procedures to minimize operational impact in case of system instability caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.798Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe8dfe
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 11:27:14 AM
Last updated: 8/14/2025, 2:52:01 AM