Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Linux kernel's multipath target. This issue arises in the 'retrieve_deps' function, which traverses a list of open devices without holding a lock. Meanwhile, the 'multipath_message' function can add or remove devices from the list, leading to potential memory corruption or use-after-free errors. The vulnerability has been addressed by introducing a read-write semaphore, 'devices_lock', to synchronize access to the device list.
Exploitation of this vulnerability can cause memory corruption or use-after-free conditions, potentially leading to arbitrary code execution or other memory-related vulnerabilities.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.