Linux Kernel HSI SSI Protocol Driver Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's HSI SSI protocol driver, caused by a race condition. The issue arises in the 'ssi_protocol_probe()' function, where the 'ssi->work' is linked to 'ssip_xmit_work()'. In 'ssip_pn_setup()', the 'ssip_pn_xmit()' function can initiate this work. If the module is removed, 'ssi_protocol_remove()' is called, which frees 'ssi' using 'kfree(ssi)'. Meanwhile, the work can still be accessed, leading to a use-after-free scenario. The vulnerability has been addressed by ensuring that the work is canceled before the cleanup process in 'ssi_protocol_remove()'.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel HSI SSI Protocol Driver Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating