Linux Kernel SCSI ZFCP Double Free Vulnerability in FSF Request Handling

Vulnerability

A double free vulnerability has been identified in the Linux kernel's SCSI ZFCP component. The issue arises in kernel versions that handle FSF requests. It is caused by using an incorrect integer type to cache the FSF request ID: once the ID is truncated or sign-extended, the cached value no longer matches the original ID. This flaw can result in a double free condition, where the same memory is freed twice, causing potential memory corruption.
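The mismatch described above, as an added example that is not the kernel's own code: it compares caching a request ID in a signed 32-bit `int` with caching it at full width, and counts releases in a simplified failed-send model. All names, the 64-bit unsigned ID type, and the tracking model are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t req_id_t;   /* assumption: request IDs are 64-bit unsigned */

/* Buggy caching: narrow to signed 32-bit, then widen again for the lookup. */
static req_id_t cached_via_int(req_id_t id)
{
    int cached = (int)id;        /* keeps only the low 32 bits (gcc/clang) */
    return (req_id_t)cached;     /* bit 31 set => sign-extended on widening */
}

/* Corrected caching: same type as the ID itself. */
static req_id_t cached_via_full_width(req_id_t id)
{
    req_id_t cached = id;
    return cached;
}

/* Simplified model of a failed send: un-track by the cached ID, release the
 * request, then let a later cleanup release whatever is still tracked.
 * Returns how many times the same request gets released. */
static int releases_after_failed_send(req_id_t id, req_id_t (*cache)(req_id_t))
{
    req_id_t tracked_id = id;    /* request registered under its real ID */
    int tracked = 1;
    int releases = 0;

    if (cache(id) == tracked_id) /* removal only works if the IDs match */
        tracked = 0;
    releases++;                  /* error path releases the request */
    if (tracked)
        releases++;              /* stale entry: cleanup releases it again */
    return releases;
}

int main(void)
{
    /* Constructed sample IDs around the two failure boundaries. */
    const req_id_t ids[] = { 0x7fffffffULL, 0x80000000ULL, 0x100000001ULL };
    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
        printf("id=%#llx int-cache=%#llx releases: buggy=%d fixed=%d\n",
               (unsigned long long)ids[i],
               (unsigned long long)cached_via_int(ids[i]),
               releases_after_failed_send(ids[i], cached_via_int),
               releases_after_failed_send(ids[i], cached_via_full_width));
    return 0;
}
```

An ID with bit 31 set is sign-extended and an ID above 32 bits is truncated; in both cases the buggy cache yields two releases of the same request, while the full-width cache yields one.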

Impact

Exploitation of this vulnerability leads to a double free condition, causing memory corruption. This can result in various stack corruption issues, such as list_del corruption, which has been observed in practice.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.