Primary

Context

Linux Kernel UAF Vulnerability in dm Cache Target

Vulnerability

Patched

A use-after-free vulnerability has been identified in the Linux kernel's dm cache target component. This issue arises when the dm_resume() and dm_destroy() functions are executed concurrently, leading to a race condition. The vulnerability has been addressed by modifying the destroy() function to cancel a scheduled timer, thereby preventing the use-after-free scenario.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by creating a scenario where dm_resume() and dm_destroy() are called at the same time, causing a race condition that the use-after-free vulnerability exploits.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 4, 2025, 8:13 PM

Updated: Oct 4, 2025, 8:13 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UAF Vulnerability in dm Cache Target

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating