Linux Kernel Loop Device Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's loop device implementation. The issue arises in the 'loop_handle_cmd()' function, which improperly dereferences command and request pointers after the 'do_req_filebacked()' function has completed processing. This flaw can lead to a kernel crash due to a null pointer dereference. The vulnerability occurs because 'do_req_filebacked()' calls 'blk_mq_complete_request()' either synchronously or asynchronously, depending on the I/O method used, unless memory allocation fails.

Impact

Exploitation of this vulnerability causes a kernel crash by dereferencing a null pointer, leading to a denial of service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Loop Device Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating