Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A use-after-free vulnerability has been identified in the Linux kernel's BFQ IO scheduler. The issue arises when bios (block I/O structures) queued into the BFQ scheduler are associated with a cgroup that has already been offlined. The associated BFQ group can then be freed prematurely once the last bio is processed, leading to use-after-free issues for users of the service tree. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability can lead to use-after-free conditions, potentially allowing for arbitrary code execution or memory corruption.