Linux Kernel SCSI Target UAF Vulnerability in TCMU Component

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SCSI target component, specifically within the TCMU (TCM Userspace) module. The issue arises in the function 'tcmu_try_get_data_page()', which retrieves page references under a lock but fails to properly manage reference counts. This oversight allows the returned page to be freed by 'tcmu_blocks_release()' before it can be safely used, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability could result in a use-after-free condition, allowing for memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI Target UAF Vulnerability in TCMU Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating