Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's handling of High-availability Seamless Redundancy (HSR) port management has been addressed. The issue arose because the function 'hsr_get_port_ndev' did not properly manage locks, potentially leading to a use-after-free condition. The function 'hsr_for_each_port' requires the Read-Copy Update (RCU) lock to be held, but this was not done. Additionally, before returning the port device, a reference to the device needed to be held to prevent a use-after-free error in the calling function. This vulnerability affects the Linux kernel stable tree.
The vulnerability could lead to a use-after-free condition, which may be exploitable to cause memory corruption or arbitrary code execution.
Users can upgrade to the latest version of the Linux kernel stable tree to address this vulnerability.
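The lookup pattern described above, as an added userspace model in C (not kernel code and not taken from the advisory or the kernel project). All `model_*` names, `get_port_dev`, `remove_port` and `live_after_removal` are hypothetical. A counter stands in for the RCU read-side section and a plain refcount for the device reference, for which the kernel analogues are `rcu_read_lock()`/`rcu_read_unlock()` and `dev_hold()`/`dev_put()`.

```c
#include <stddef.h>

/* Userspace model: every name is a hypothetical stand-in, not kernel code. */
struct model_dev  { int refcnt; int freed; };
struct model_port { int type; struct model_dev *dev; };

static int read_depth;                 /* stands in for the RCU read-side section */
static void model_read_lock(void)   { read_depth++; }
static void model_read_unlock(void) { read_depth--; }

static void model_dev_hold(struct model_dev *d) { d->refcnt++; }
/* Dropping the last reference marks the device freed (real code releases it). */
static void model_dev_put(struct model_dev *d) { if (--d->refcnt == 0) d->freed = 1; }

/* pin == 0: return a bare pointer; pin == 1: take a reference before unlocking. */
static struct model_dev *get_port_dev(struct model_port *ports, size_t n, int type, int pin)
{
    struct model_dev *found = NULL;
    model_read_lock();
    for (size_t i = 0; i < n; i++) {
        if (ports[i].type == type) {
            found = ports[i].dev;
            if (pin)
                model_dev_hold(found); /* caller now owns one reference */
            break;
        }
    }
    model_read_unlock();
    return found;
}

/* Port teardown drops the port's own reference to its device. */
static void remove_port(struct model_port *p)
{
    struct model_dev *d = p->dev;
    p->dev = NULL;
    model_dev_put(d);
}

/* Returns 1 if the device is still live when the caller uses it after removal. */
int live_after_removal(int pin)
{
    struct model_dev dev = { 1, 0 };   /* constructed: one reference held by the port */
    struct model_port ports[] = { { 1, &dev } };
    struct model_dev *d = get_port_dev(ports, 1, 1, pin);
    remove_port(&ports[0]);
    int live = !d->freed;              /* readable either way: dev is on this stack */
    if (pin)
        model_dev_put(d);              /* caller releases its reference */
    return live;
}
```

With `pin` set to 0 the device is already marked freed when the caller touches it; with `pin` set to 1 it stays live until the caller drops its own reference.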