Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's ibmvnic driver. This issue arises because the driver incorrectly accesses the socket buffer (skb) memory after transmitting data to the Virtual I/O Server (VIOS). Once the data is sent, the VIOS can immediately free the skb memory, creating a race condition that can lead to accessing freed memory. This vulnerability was discovered through a Kernel Address Sanitizer (KASAN) report, which highlighted the memory access issue as a slab-use-after-free error.
Exploitation of this vulnerability causes a use-after-free condition, where the driver accesses memory that has already been freed. This can lead to memory corruption and potentially allow for arbitrary code execution or other malicious actions.
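The access pattern described above, modelled in user space as an added example (this is not the ibmvnic driver's code). `struct pkt`, `send_to_peer` and the byte counter are constructed stand-ins, and the field read after the hand-off (the length) is an assumption. The hardened form copies what it needs while it still owns the buffer.

```c
#include <stdlib.h>

/* Constructed user-space stand-in for an skb; not the kernel structure. */
struct pkt {
    size_t len;
    unsigned char data[64];
};

struct tx_stats {
    unsigned long packets;
    unsigned long bytes;
};

/* Models handing the buffer to the peer: ownership transfers here, and the
 * peer may free the buffer at any point afterwards. */
int send_to_peer(struct pkt *p)
{
    free(p);                    /* worst case: freed immediately */
    return 0;
}

#ifdef SHOW_VULNERABLE
/* Pattern from the description: the buffer is read after the hand-off.
 * Build with -DSHOW_VULNERABLE -fsanitize=address to get a report
 * comparable to the KASAN one. */
int tx_vulnerable(struct pkt *p, struct tx_stats *st)
{
    int rc = send_to_peer(p);
    if (rc == 0) {
        st->packets++;
        st->bytes += p->len;    /* use-after-free read */
    }
    return rc;
}
#endif

/* Hardened form: snapshot every needed field before ownership is given up. */
int tx_hardened(struct pkt *p, struct tx_stats *st)
{
    size_t len = p->len;        /* read while we still own p */
    int rc = send_to_peer(p);   /* p must not be touched after this line */
    if (rc == 0) {
        st->packets++;
        st->bytes += len;
    }
    return rc;
}

/* Allocates a constructed packet; length is clamped to the payload size. */
struct pkt *pkt_alloc(size_t n)
{
    struct pkt *p = calloc(1, sizeof(*p));
    if (p)
        p->len = n > sizeof(p->data) ? sizeof(p->data) : n;
    return p;
}
```

The vulnerable variant is compiled only on request, so a default build and run never touches freed memory.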