Linux Kernel XFRM Module Initialization Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's handling of the XFRM (IPsec) module has been identified. The issue arises because the function 'xfrm4_protocol_init' was incorrectly marked for export and initialization, allowing access to a freed symbol after the initialization process. This mismanagement can lead to a kernel panic. The problem was detected in 'linux-next' builds after the 'modpost' tool was fixed to recognize such issues, which had gone undetected for a decade.

Impact

Accessing a freed symbol can cause a kernel panic, leading to a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel XFRM Module Initialization Vulnerability Leading to Kernel Panic

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating