Linux Kernel Memory Corruption Vulnerability in MD RAID Module

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's MD RAID module. This issue arises when the 'all_mddevs' list is iterated without proper synchronization, allowing a race condition to occur. Specifically, while one thread is processing a metadata device, another thread can remove it from the list, leading to a use-after-free scenario. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to memory corruption, potentially allowing for arbitrary code execution or causing a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Corruption Vulnerability in MD RAID Module

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating