Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's fbdev smscufx driver. This issue arises when a USB device is physically removed, leading to several types of use-after-free scenarios. The vulnerability has been addressed by adding a new function, ufx_ops_destroy(), to the .fb_destroy callback of fb_ops. This function includes a reference count decrement and a call to ufx_free(), effectively preventing the use-after-free conditions.
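The lifetime rule behind that fix, as an added user-space C model that is not code from the kernel or from this page: the unplug path only marks the device gone and drops the registration reference, and the device state is freed in the destroy callback once the last framebuffer user is gone. All model_* names, the user counter and the -ENODEV return are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not driver code. */
struct model_dev { int kref; bool usb_gone; };
struct model_fb  { int users; struct model_dev *par; };

static int g_frees;                       /* times the release function ran */

static void model_free(struct model_dev *d) { g_frees++; free(d); }

/* Counterpart of the .fb_destroy callback: drop the reference, free at zero. */
static void model_fb_destroy(struct model_fb *fb)
{
    struct model_dev *d = fb->par;

    fb->par = NULL;
    if (--d->kref == 0)
        model_free(d);
}

/* Framebuffer core side: destroy runs only when the last user is gone. */
static void model_fb_put(struct model_fb *fb)
{
    if (--fb->users == 0)
        model_fb_destroy(fb);
}

static int model_probe(struct model_fb *fb)
{
    struct model_dev *d = calloc(1, sizeof(*d));

    if (!d)
        return -ENOMEM;
    d->kref = 1;                          /* released in model_fb_destroy() */
    fb->par = d;
    fb->users = 1;                        /* registration holds one reference */
    return 0;
}

static void model_fb_open(struct model_fb *fb) { fb->users++; }

/* An fb operation arriving through a still-open file descriptor. */
static int model_fb_op(struct model_fb *fb) { return fb->par->usb_gone ? -ENODEV : 0; }

/* USB unplug: mark the device gone and unregister; nothing is freed here. */
static void model_disconnect(struct model_fb *fb)
{
    fb->par->usb_gone = true;
    model_fb_put(fb);                     /* drops the registration reference */
}
```

With one user still holding the framebuffer open, the unplug leaves the state allocated and later operations fail cleanly; the free happens on the final put.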
Use-after-free conditions such as these commonly result in memory corruption and can potentially allow arbitrary code execution.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.