Linux Kernel Slab-Use-After-Free Vulnerability in Memstick RTSX USB MS Driver

Vulnerability

A slab-use-after-free vulnerability has been identified in the Linux kernel's memstick subsystem, specifically within the RTSX USB MS driver. This vulnerability arises when the driver improperly manages memory allocation and deallocation, leading to a use-after-free condition. The issue was discovered during the polling of memory stick cards, where the driver attempted to access freed memory, causing a crash. The vulnerability was introduced in version 6.14.0-rc6 and has been resolved in subsequent updates.

Impact

Triggering this vulnerability causes the driver to access memory that has already been freed. This can potentially be exploited to execute arbitrary code or to cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 5.0
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.