Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Proc Subsystem Use-After-Free Vulnerability in Lseek Handling

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's proc subsystem. The issue arose because the proc_lseek operation was not properly validated, potentially leading to a use-after-free condition during module removal. This vulnerability was introduced in version 5.10 and exists in the stable branch through 6.4. The problem was identified as a gap in the proc_reg_open function, following a previous fix for a related use-after-free issue in proc_get_inode.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service.

Reproduction

The vulnerability can be reproduced by creating a proc file system entry that includes a custom proc_lseek operation. If the entry is then removed while it is being accessed, the lack of proper validation can lead to a use-after-free condition.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Aug 22, 2025, 4:50 PM
Updated: Aug 22, 2025, 4:50 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
7.5
exploitability
4.3
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.