Use-After-Free Vulnerability in ChromeOS Kernel 5.4 Affecting Virtio Transport
CVE-2025-1290
8.1HIGH
What is CVE-2025-1290?
A race condition vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. This issue arises from concurrent allocation and deallocation of the virtio_vsock_sock structure during an AF_VSOCK connect syscall, leading to the potential for a dangling pointer. If a worker thread accesses this pointer, it may result in unintended interactions in the kernel, potentially allowing unauthorized code execution.
Affected Version(s)
ChromeOS 15474.84.0