Linux Kernel Ceph Snap Decoding Vulnerability Leading to Use-After-Free Issues

Vulnerability

A vulnerability in the Linux kernel's Ceph file system component has been addressed. The issue arose during the decoding of snapshots, where a failure could result in the 'first_realm' and 'realm' variables pointing to the same snapshot realm memory. This overlap could cause the realm to be processed twice, potentially leading to random use-after-free errors, triggering a BUG_ON condition, and other related problems.

Impact

Exploitation of this vulnerability could lead to use-after-free errors, causing memory corruption issues such as dangling pointers, which could be exploited to execute arbitrary code or cause a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Ceph Snap Decoding Vulnerability Leading to Use-After-Free Issues

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating