### [CVE-2025-21950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21950)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3d679d5aec648f50e645702929890b9611998a0b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:

drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl

In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security
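
The allocation pattern from the description, as an added user-space illustration that is not kernel code and not part of the original entry: it shows why switching from kmalloc to kzalloc closes the leak when an object is copied out whole. The names `toy_kmalloc`, `toy_kzalloc`, `fake_get_state`, `slot` and the `STALE` marker are hypothetical, and the initializer writing only part of the object is an assumption made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 16
#define STALE 0xA5  /* constructed marker for leftover heap contents */

/* One-slot toy heap (hypothetical); stands in for a recycled slab object. */
static uint8_t slot[OBJ_SIZE];

/* Like kmalloc: hands back memory with its previous contents intact. */
static void *toy_kmalloc(void) {
    memset(slot, STALE, sizeof slot);  /* simulate data left by an earlier user */
    return slot;
}

/* Like kzalloc: same memory, zeroed before the caller sees it. */
static void *toy_kzalloc(void) {
    void *p = toy_kmalloc();
    memset(p, 0, OBJ_SIZE);
    return p;
}

/* Hypothetical initializer (assumption): fills only `written` bytes. */
static void fake_get_state(uint8_t *obj, size_t written) {
    memset(obj, 0x01, written);
}

/* Stand-in for the copy to user space: the whole object is copied out.
 * Returns how many stale bytes ended up in the "user" buffer. */
static size_t stale_bytes_copied_out(void *(*alloc)(void), size_t written) {
    uint8_t user[OBJ_SIZE];
    uint8_t *obj = alloc();
    size_t leaked = 0;
    fake_get_state(obj, written);
    memcpy(user, obj, OBJ_SIZE);
    for (size_t i = 0; i < OBJ_SIZE; i++)
        leaked += (user[i] == STALE);
    return leaked;
}

int main(void) {
    printf("kmalloc: %zu stale bytes reach user space\n",
           stale_bytes_copied_out(toy_kmalloc, 8));
    printf("kzalloc: %zu stale bytes reach user space\n",
           stale_bytes_copied_out(toy_kzalloc, 8));
    return 0;
}
```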