Linux Kernel Per-CPU Counter Use-After-Free Vulnerability in Module Tag Management

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's handling of per-CPU counters for module allocation tags. When a module is unloaded, the memory holding its allocation tags is retained until the tags are no longer in use. However, the per-CPU counters referenced by these tags are freed when the module is unloaded, leading to a use-after-free condition if the module's memory is accessed afterward. The fix allocates the per-CPU counters for module tags dynamically, so that they remain available for in-use tags after a module is unloaded. This change also eliminates the need for a larger PERCPU_MODULE_RESERVE when memory allocation profiling is enabled, because per-CPU memory for the counters no longer has to be reserved.
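
The lifetime mismatch described above can be modelled in user space. The following is an added example, not kernel code and not the upstream patch: every type and function name in it is hypothetical, and it returns -1 at the point where the unfixed scheme would touch freed counter memory instead of actually doing so.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: every name below is hypothetical, not a kernel symbol. */
struct tag { long *ctr; };  /* a tag points at its counter */
struct module {
    struct tag *tags;       /* kept after unload while any tag is in use */
    long *ctrs;             /* counter storage the tags point into */
    bool dynamic;           /* true models the fix: counters outlive the module */
    bool unloaded;
    long outstanding;       /* bytes the module allocated and has not freed */
};
static void free_ctrs(struct module *m) { free(m->ctrs); m->ctrs = NULL; }
static void free_tags(struct module *m) { free(m->tags); m->tags = NULL; }

static void module_load(struct module *m, size_t n, bool dynamic) {
    *m = (struct module){ .dynamic = dynamic };
    m->tags = calloc(n, sizeof *m->tags);
    m->ctrs = calloc(n, sizeof *m->ctrs);
    for (size_t i = 0; i < n; i++) m->tags[i].ctr = &m->ctrs[i];
}

/* Charge an alloc (+) or free (-) to tag i; -1 marks where the UAF would occur. */
static int account(struct module *m, size_t i, long bytes) {
    if (!m->tags || !m->ctrs) return -1;
    *m->tags[i].ctr += bytes;
    m->outstanding += bytes;
    if (m->unloaded && m->outstanding == 0) { free_ctrs(m); free_tags(m); }
    return 0;
}

static void module_unload(struct module *m) {
    m->unloaded = true;
    if (!m->dynamic || m->outstanding == 0) free_ctrs(m); /* old: always freed */
    if (m->outstanding == 0) free_tags(m);                /* tags wait for users */
}

static int late_free_after_unload(bool dynamic) { /* load, alloc, unload, free */
    struct module m; module_load(&m, 4, dynamic);
    account(&m, 2, 64);
    module_unload(&m);
    int rc = account(&m, 2, -64);
    free_ctrs(&m); free_tags(&m);   /* model cleanup; free(NULL) is a no-op */
    return rc;
}

int main(void) {
    return printf("%d %d\n", late_free_after_unload(false), late_free_after_unload(true)) < 0;
}
```

In the model, the old scheme fails on the late free because the tag still points at counter storage released at unload, while the dynamic scheme keeps that storage until the last tag is unused.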

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary memory access or manipulation.

Added: Jun 18, 2025, 10:29 AM
Updated: Jun 18, 2025, 10:29 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.1
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.