Linux Kernel Double Free Vulnerability in io_acct_set Bioset

Vulnerability

A double free vulnerability has been addressed in the Linux kernel's md (multiple device) subsystem. The issue arose because the io_acct_set structure was allocated and freed in a way that could lead to improper memory management. The vulnerability has been resolved by adjusting the allocation and deallocation process, ensuring that io_acct_set is properly managed within the personality context, and removing redundant free operations in md_free and md_stop.

Impact

Exploitation of this vulnerability could lead to memory corruption issues, commonly associated with double free vulnerabilities, which can be exploited to execute arbitrary code or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Double Free Vulnerability in io_acct_set Bioset

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating