Linux Kernel Block Layer Use-After-Free Vulnerability in Block-MQ

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's block layer, specifically within the block multi-queue (blk-mq) subsystem. The issue arises because the blk_mq_get_sq_hctx function can access a tagset after it has been freed, leading to potential memory corruption. This occurs when there are no queued requests and the request queue has been cleaned up, causing the tagset to be released. The vulnerability can be exploited by manipulating the request queue lifecycle, particularly by freeing the tagset before it is no longer needed, creating a window for use-after-free conditions.

Impact

Exploitation of this vulnerability can lead to memory corruption, which may be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Block Layer Use-After-Free Vulnerability in Block-MQ

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating