Linux Kernel Use-After-Free Vulnerability in SCSI libfc Component

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SCSI libfc component. The issue arises in the function fc_exch_abts_resp(), where the exchange's reference count is decreased before the exchange is released. Once the reference count reaches zero, the exchange is freed, but the code subsequently continues to use the now-freed exchange, leading to a use-after-free condition.
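The ordering problem described above can be modelled in user space. The following is an added example, not the kernel's libfc source: the struct, the helper names and the `freed` flag (used in place of a real free() so the stale access can be counted safely) are all hypothetical. It goes slightly beyond the text by also running the flawed ordering while a second reference is held, which shows why the fault only appears when the dropped reference is the last one.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model of a reference-counted exchange (hypothetical names). */
struct exch {
    int  refcnt;
    bool freed;   /* set instead of calling free(), so misuse is countable */
    int  state;
};

static int stale_accesses;   /* accesses made after the object was freed */

static void exch_release(struct exch *ep)
{
    if (--ep->refcnt == 0)
        ep->freed = true;    /* a real allocator would reclaim the memory */
}

static void exch_touch(struct exch *ep)
{
    if (ep->freed)
        stale_accesses++;    /* this access is the use-after-free */
    else
        ep->state++;
}

/* Flawed ordering: the reference is dropped, then the exchange is used. */
static void resp_flawed(struct exch *ep)
{ exch_touch(ep); exch_release(ep); exch_touch(ep); }

/* Corrected ordering: every access first, the reference dropped last. */
static void resp_fixed(struct exch *ep)
{ exch_touch(ep); exch_touch(ep); exch_release(ep); }

/* Stale-access count for one handler call with a given starting refcount. */
int run_model(bool fixed, int initial_refs)
{
    struct exch ep = { .refcnt = initial_refs };
    stale_accesses = 0;
    (fixed ? resp_fixed : resp_flawed)(&ep);
    return stale_accesses;
}

int main(void)
{
    printf("flawed, sole reference: %d\n", run_model(false, 1));
    printf("flawed, second holder:  %d\n", run_model(false, 2));
    printf("fixed,  sole reference: %d\n", run_model(true, 1));
    return 0;
}
```

Because the flawed ordering is harmless whenever another holder keeps the count above zero, ordinary functional testing can pass; memory-error detectors such as KASAN are the usual way to surface this class of bug in kernel code.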

Impact

Exploitation of this vulnerability could lead to memory corruption issues, allowing for potential arbitrary code execution or other memory-related attacks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 10.0
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.