Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Use-After-Free Vulnerability in AARP Proxy Probe

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's AppleTalk AARP proxy probe routine. This issue arises because the routine sends a probe, releases a lock, and then sleeps before re-acquiring the lock. During this interval, an expiration timer thread can remove and free the same entry, leading to a race condition. The vulnerability has been fixed by implementing proper reference counting for AARP entries, ensuring that entries are not freed while still in use.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where a freed memory entry is accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending an AARP proxy probe while an expiration timer is active, causing a race condition that triggers the use-after-free.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Aug 22, 2025, 4:36 PM
Updated: Aug 22, 2025, 7:05 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
5.3
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.