Linux Kernel SMC Use-After-Free Vulnerability in TCP Timer Handler

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's TCP timer handling, specifically within the Socket Management Channel (SMC) implementation. The issue arises when an SMC-created kernel socket is not properly closed, leaving its TCP timers active. Those timers can fire after the socket has been freed, so the freed memory is accessed and can be corrupted.

Impact

Exploitation of this vulnerability causes a use-after-free condition, where memory that has been freed is still accessed, potentially leading to arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by creating a kernel socket through the SMC interface, then closing the parent SMC socket without properly releasing the associated TCP resources. This leaves the TCP timers running, which can later be triggered, causing the use-after-free condition.

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 9, 2025, 2:03 AM
Updated: Dec 9, 2025, 2:03 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.