Linux Kernel Ext4 Slab-Use-After-Free Vulnerability in Xattr Handling

Vulnerability

A slab-use-after-free vulnerability has been identified in the Linux kernel's ext4 file system, specifically within the xattr (extended attributes) handling. The issue arises in the function 'ext4_xattr_inode_dec_ref_all', where the code fails to properly manage xattr entries that extend beyond the designated 'end' entry. This oversight can lead to the use of freed memory, potentially causing memory corruption or allowing for arbitrary code execution.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where the system incorrectly accesses memory that has already been freed. This can cause memory corruption, which may be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Ext4 Slab-Use-After-Free Vulnerability in Xattr Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating