Linux Kernel BFQ I/O Scheduler Cgroup Information Update Vulnerability

Vulnerability

A vulnerability in the Linux kernel's BFQ (Budget Fair Queueing) I/O scheduler has been addressed. The issue arose when a process was migrated to a different cgroup: BFQ could then use stale cgroup information in the bio merging process. As a result, bios could be incorrectly merged across different cgroups, or bfqqs (BFQ queues) belonging to already terminated cgroups could be merged, potentially leading to use-after-free conditions. The issue has been fixed by ensuring that cgroup information is updated before merging bios.

Impact

Exploitation of this vulnerability could lead to use-after-free issues, which may be exploited to cause memory corruption.
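
One way to see which block devices on a host actually run under BFQ, and so use the scheduler this advisory concerns, is the following added example (not part of the original advisory). The function names are hypothetical; the only interface assumed is the standard sysfs file /sys/block/<dev>/queue/scheduler, which lists the available schedulers with the active one in square brackets.

```shell
#!/bin/sh
# Added example: report block devices that use, or could be switched to, BFQ.
# The sysfs root is a parameter (default /sys) so the check can also be run
# against a copied or constructed directory tree.

# Print the active scheduler from a sysfs line such as
# "mq-deadline kyber [bfq] none" (the active entry is in square brackets).
active_scheduler() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)].*/\1/p'
}

# Print one line per relevant device:
#   "<dev> active"    BFQ is the scheduler currently in use
#   "<dev> available" BFQ is selectable but another scheduler is in use
# Devices that do not offer BFQ at all are not listed.
bfq_exposure() {
    sysroot=${1:-/sys}
    for f in "$sysroot"/block/*/queue/scheduler; do
        [ -r "$f" ] || continue          # no devices, or unreadable entry
        dev=${f#"$sysroot"/block/}       # strip the leading path
        dev=${dev%%/*}                   # keep only the device name
        line=$(cat "$f")
        if [ "$(active_scheduler "$line")" = "bfq" ]; then
            echo "$dev active"
        else
            case " $line " in
                *" bfq "*) echo "$dev available" ;;
            esac
        fi
    done
}

# Usage: bfq_exposure          (reads /sys)
#        bfq_exposure /path    (reads /path/block/*/queue/scheduler)
```

Devices reported as "active" are the ones to prioritise when scheduling the kernel update that carries the fix.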

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.