Linux Kernel VLAN List Lock Vulnerability in HNS3 Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's HNS3 network driver. This issue arises when adding port-based VLANs, as it requires removing virtual function (VF) VLANs from hardware and updating the VLAN state in the VF VLAN list. If a periodic task frees the same node simultaneously, it can lead to a use-after-free error. The vulnerability has been addressed by adding a VLAN list lock to protect the VLAN list.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel VLAN List Lock Vulnerability in HNS3 Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating