Linux Kernel Device Release Vulnerability in s390/ism

Vulnerability

A vulnerability in the Linux kernel's s390/ism component has been addressed by adding a proper release function for device structures. Previously, the code would immediately free the device after adding it, without allowing other parts of the kernel to release their references first. This could lead to use-after-free issues, especially if a reference was still held by sysfs, creating potential stability problems.

Impact

The vulnerability could cause use-after-free issues, leading to memory corruption and potential exploitation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Device Release Vulnerability in s390/ism

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating