Linux Kernel Race Condition Vulnerability in AMDTEE Component Leading to Use-After-Free

Vulnerability

A race condition vulnerability has been identified in the AMDTEE component of the Linux kernel, specifically in the amdtee_open_session function. This vulnerability can lead to a use-after-free condition. The issue arises when the session mask is set, and before the session information is updated. If the amdtee_close_session function closes the same session during this window, the session data structure is released. This premature release can cause a kernel panic when the session is accessed again within the amdtee_open_session function.

Impact

Exploitation of this vulnerability can cause a kernel panic, leading to a denial of service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Race Condition Vulnerability in AMDTEE Component Leading to Use-After-Free

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating