Linux Kernel Use-After-Free Vulnerability in SMC Listening Function

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Socket Memory Channel (SMC) implementation. This issue arises in the 'smc_listen_work' function, where a socket's associated structure can be prematurely released. If an application closes the socket immediately after it is accepted, the pointer to the socket can become NULL, leading to a null pointer dereference. This vulnerability has been observed in Linux kernel version 6.13.0-rc3.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a kernel crash.

Reproduction

The vulnerability can be reproduced by creating an SMC server that accepts connections. After a connection is accepted, the application should immediately close the socket. This sequence of actions will result in the 'smc_listen_work' function attempting to access a now-null pointer, causing a kernel crash.
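
For triage, the crash described above can be recognised in a saved kernel log by grouping each fault report and keeping those that name 'smc_listen_work'. This is an added example, not part of the original advisory or the kernel project; the function name find_smc_listen_faults, the assumed oops/KASAN line formats and the sample log (constructed, including the made-up example_poll) are assumptions.

```python
import re

# Start of a fault report: the NULL dereference described above, or a KASAN
# report on a KASAN-enabled kernel. The "end trace" line closes a report.
REPORT_START = re.compile(r"BUG: (kernel NULL pointer dereference|KASAN: [\w-]+)")
REPORT_END = re.compile(r"---\[ end trace")
TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s*")
TARGET = "smc_listen_work"  # function named in the advisory

# Constructed sample, not captured from a real system. example_poll is a
# made-up function so the log also contains one unrelated fault.
SAMPLE_LOG = """\
[   10.000001] eth0: link up
[   52.310000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   52.310004] RIP: 0010:example_poll+0x1a/0x40
[   52.310020] ---[ end trace 0000000000000000 ]---
[   97.120000] BUG: kernel NULL pointer dereference, address: 0000000000000018
[   97.120005] Workqueue: smc_hs_wq smc_listen_work [smc]
[   97.120009] RIP: 0010:smc_listen_work+0x2c/0x90 [smc]
[   97.120030] ---[ end trace 0000000000000000 ]---
"""

def find_smc_listen_faults(log_text, max_lines=80):
    """Return one dict per fault report that mentions smc_listen_work."""
    hits, cur = [], None
    def flush(report):
        if report and report["matched"]:
            hits.append(report)
    for raw in log_text.splitlines():
        m = TIMESTAMP.match(raw)
        line = raw[m.end():] if m else raw
        start = REPORT_START.search(line)
        if start:
            flush(cur)  # previous report never reached its end marker
            cur = {"time": float(m.group(1)) if m else None,
                   "kind": start.group(1), "matched": [], "lines": 0}
        if cur is None:
            continue  # ordinary log line outside any fault report
        cur["lines"] += 1
        if TARGET in line:
            cur["matched"].append(line)
        if REPORT_END.search(line) or cur["lines"] >= max_lines:
            flush(cur)
            cur = None
    flush(cur)  # report truncated at end of file
    return hits

if __name__ == "__main__":
    print(find_smc_listen_faults(SAMPLE_LOG))
```

A hit means the host crashed in this code path at least once; an empty result only says the saved log does not contain such a report.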

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: Sep 5, 2025, 8:18 PM
Updated: Sep 5, 2025, 8:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.