Linux Kernel ublk Driver Queue Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ublk driver has been addressed, related to how the driver manages request queues. The issue arose because the driver relied on the 'ubq->canceling' flag to determine whether requests could be processed. If the queue was frozen, this flag needed to be set to prevent a use-after-free error when handling commands via the io_uring interface. The vulnerability has been resolved by ensuring that 'ubq->canceling' is properly set when the queue is frozen, allowing for safe command cancellation and completion.

Impact

The vulnerability could lead to a use-after-free error when processing io_uring commands, potentially causing memory corruption or other unintended behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ublk Driver Queue Management Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating