Linux Kernel rxrpc Call Timer Handling Vulnerability Leading to Use-After-Free

Vulnerability

A flaw in how the Linux kernel manages the timer attached to the rxrpc_call structure can lead to a use-after-free. Packet input routines running in softirq context can restart the call's timer while the call is being destroyed, so a timer that has already been stopped may be reactivated. If the timer is deallocated before its dispatch code runs, the result is a kernel oops.
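
The ordering described above, replayed in a small userspace C model that is an added example and not kernel code or part of the original advisory. It compares re-arming the timer with no lifetime guard against one common way to close this class of race, where a pending timer holds its own reference on the object. All names are hypothetical.

```c
#include <stdbool.h>

/* Userspace model with hypothetical names; not the kernel's rxrpc code. */
struct call {
    int  refs;          /* object is released when this reaches 0 */
    bool timer_pending; /* timer is queued and its handler will run */
    bool released;      /* stands in for the free; kept so it can be inspected */
};

static bool call_try_get(struct call *c)  /* take a ref only on a live object */
{
    if (c->refs == 0) return false;
    c->refs++;
    return true;
}

static void call_put(struct call *c)
{
    if (--c->refs == 0) c->released = true;
}

/* Packet-input path re-arming the timer. */
static bool arm_timer(struct call *c, bool timer_owns_ref)
{
    if (timer_owns_ref) {
        if (!call_try_get(c)) return false; /* already dead: refuse to arm */
        if (c->timer_pending) call_put(c);  /* pending timer already holds one */
    }
    c->timer_pending = true;
    return true;
}

/* Timer expiry; returns true if the handler ran on a released object. */
static bool timer_expire(struct call *c, bool timer_owns_ref)
{
    bool uaf = c->released;
    c->timer_pending = false;
    if (!uaf && timer_owns_ref) call_put(c); /* drop the timer's reference */
    return uaf;
}

/* Order from the advisory: timer stopped, input re-arms, last ref dropped, expiry. */
static bool race_hits_released_call(bool timer_owns_ref)
{
    struct call c = { .refs = 1 };  /* timer_pending false: already stopped */
    arm_timer(&c, timer_owns_ref);
    call_put(&c);
    return timer_expire(&c, timer_owns_ref);
}
```

With the guard, the destroying path's put no longer releases the object while a timer is queued, and an attempt to arm after the last reference is gone is refused.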

Impact

This vulnerability can cause a kernel oops from a use-after-free, which could potentially be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.