Linux Kernel vp_vdpa Hot Unplug Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's vp_vdpa component can cause a kernel panic during the hot unplug process of a vp_vdpa device. This issue arises because the vdpa_mgmtdev_unregister function accesses modern devices that have already been freed, leading to a use-after-free condition. The vulnerability was observed in kernel version 5.14.0-252.el9.x86_64.

Impact

Unplugging a vp_vdpa device can trigger a kernel panic, causing a system crash.

Reproduction

The vulnerability can be reproduced by hot unplugging a vp_vdpa device, which will result in a kernel panic. This occurs because the vp_vdpa_remove function does not properly manage the device's memory, leading to a use-after-free error when the vdpa_mgmtdev_unregister function tries to access the device after it has been unregistered.
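Added example, not kernel code and not part of the original advisory: a userspace C model of the teardown ordering described above. The model_* types and remove_* functions are hypothetical names, and a liveness flag stands in for freeing the device so the stale access is counted instead of performed. The unregister-first ordering is the general object-lifetime rule, assumed here and not quoted from the advisory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical userspace stand-ins, not the kernel's real structures. */
struct model_mdev { bool live; };          /* the "modern device" */
struct model_mgmtdev {
    struct model_mdev *mdev;               /* borrowed pointer to the device */
    bool registered;
    int stale_accesses;                    /* touches of a dead device */
};

/* Ends the device's lifetime. A flag replaces kfree() so the model can
 * record a stale access without really dereferencing freed memory. */
static void model_mdev_release(struct model_mdev *d) { d->live = false; }

/* Models the unregister step: tearing down the management device still
 * touches the underlying device (the access the advisory describes). */
static void model_mgmt_unregister(struct model_mgmtdev *m)
{
    if (!m->mdev->live)
        m->stale_accesses++;   /* in the kernel: use-after-free, panic */
    m->registered = false;
}

/* Ordering described in the advisory: device released, then unregister. */
static int remove_release_first(void)
{
    struct model_mdev d = { .live = true };
    struct model_mgmtdev m = { .mdev = &d, .registered = true };
    model_mdev_release(&d);
    model_mgmt_unregister(&m);
    return m.stale_accesses;
}
/* Assumed safe ordering: stop every user before ending the lifetime. */
static int remove_unregister_first(void)
{
    struct model_mdev d = { .live = true };
    struct model_mgmtdev m = { .mdev = &d, .registered = true };
    model_mgmt_unregister(&m);
    model_mdev_release(&d);
    return m.stale_accesses;
}

int main(void)
{
    printf("release first:    %d stale access(es)\n", remove_release_first());
    printf("unregister first: %d stale access(es)\n", remove_unregister_first());
    return 0;
}
```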

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.