Linux Kernel XTS EBUSY Handling Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's XTS cryptographic implementation. The XTS handler treats only the EINPROGRESS return value as a request that is still pending, and frees the associated data in all other cases. Because the XTS caller can indicate MAY_BACKLOG, the handler must also anticipate EBUSY and handle it the same way as EINPROGRESS. When it does not, backlogged requests cause a use-after-free condition.
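The return-code check described above, as an added user-space model in C (not kernel code and not part of the original advisory). The struct, the function names and the `late_touches` counter are hypothetical; the counter stands in for the access that would be a use-after-free in the kernel.

```c
#include <errno.h>
#include <stdbool.h>

struct model_req {           /* hypothetical model of an async crypto request */
    bool released;           /* caller was told it finished and may free it */
    int  late_touches;       /* completions that arrived after release */
};

/* Report the request as finished; from here on the caller may free it. */
static void model_complete(struct model_req *req) { req->released = true; }

/* Deferred completion, fired later for a pending or backlogged sub-request. */
static void model_async_finish(struct model_req *req)
{
    if (req->released)
        req->late_touches++; /* in the kernel: use of freed request data */
    else
        model_complete(req);
}

/* Flawed pattern: only -EINPROGRESS is treated as "still in flight". */
static void handle_vulnerable(struct model_req *req, int err)
{
    if (err == -EINPROGRESS)
        return;
    model_complete(req);
}

/* Corrected pattern: with MAY_BACKLOG, -EBUSY also means "queued, not done". */
static void handle_fixed(struct model_req *req, int err)
{
    if (err == -EINPROGRESS || err == -EBUSY)
        return;
    model_complete(req);
}

/* Drive one request whose sub-request returned err; returns late touches. */
static int run_model(void (*handler)(struct model_req *, int), int err)
{
    struct model_req req = { false, 0 };
    handler(&req, err);
    if (err == -EINPROGRESS || err == -EBUSY)
        model_async_finish(&req);   /* the queued work completes later */
    return req.late_touches;
}

int main(void) { /* exits 0 when the flawed path is flagged and the fixed one is clean */
    return run_model(handle_vulnerable, -EBUSY) != 1 || run_model(handle_fixed, -EBUSY) != 0;
}
```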

Impact

The resulting use-after-free condition may be exploited to execute arbitrary code or cause a denial-of-service.

Reproduction

The vulnerability can be reproduced by sending a backlogged request to the XTS implementation that triggers an EBUSY response. The XTS handler will incorrectly free the request data, leading to a use-after-free condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Oct 1, 2025, 2:04 PM
Updated: Oct 1, 2025, 2:04 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.