Linux Kernel SRCU Grace Period Management Vulnerability Leading to Use-After-Free

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's management of Source Read Copy Update (SRCU) grace periods. The issue arises in the 'cleanup_srcu_struct()' function, which currently checks for ongoing grace periods but fails to account for grace periods that are anticipated to start soon. This oversight could lead to a use-after-free condition, where memory is improperly accessed after being freed.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SRCU Grace Period Management Vulnerability Leading to Use-After-Free

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating