Linux Kernel Kobject Deletion Vulnerability in Block Layer

Vulnerability

A vulnerability exists in the Linux kernel's block layer related to the improper deletion order of kobjects. Kobjects should not be removed before their child kobjects, as this can lead to warnings being triggered if a child kobject has a named attribute group. The issue arises in the block crypto sysfs unregistration process, where the kobject is deleted before ensuring that all child kobjects are properly handled.

Impact

The vulnerability can cause a warning to be emitted, indicating a problem with the sysfs group management for certain kobjects, such as those related to crypto.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Kobject Deletion Vulnerability in Block Layer

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating