Linux Kernel VKMS Driver Use-After-Free and Double-Free Vulnerability

Vulnerability

A use-after-free and double-free vulnerability has been identified in the Linux kernel's VKMS (Virtual Kernel Mode Setting) driver. This issue arises when the driver initialization fails, leading the `vkms_exit()` function to access an uninitialized or freed `default_config` pointer, potentially causing a double free. The vulnerability has been addressed by ensuring that `default_config` is only initialized after a successful driver initialization.

Impact

Exploitation of this vulnerability could lead to memory corruption issues, such as use-after-free and double-free conditions, which can be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel VKMS Driver Use-After-Free and Double-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating