Linux Kernel Vulnerability in BFQ I/O Scheduler Component
CVE-2025-21631

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 January 2025

Summary

A vulnerability in the Linux kernel related to the BFQ I/O scheduler has been identified, which can lead to a use-after-free condition. The issue arises during the initialization of requests, where memory that was previously freed is accessed. Specifically, in the function bfq_init_rq, a slab-use-after-free can occur when a request object is not properly managed. An attacker exploiting this vulnerability could cause system instability, potentially leading to a denial-of-service or other unforeseen behaviors.

Affected Version(s)

Linux 63a07379fdb6c72450cb05294461c6016b8b7726

Linux de0456460f2abf921e356ed2bd8da87a376680bd < 2550149fcdf2934155ff625d76ad4e3d4b25bbc6

Linux 0780451f03bf518bc032a7c584de8f92e2d39d7f

References

https://git.kernel.org/stable/c/f587c1ac68956c4703857d650...

https://git.kernel.org/stable/c/2550149fcdf2934155ff625d7...

https://git.kernel.org/stable/c/be3eed59ac01f429ac10aaa46...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2025
Vulnerability Reserved
Dec 29, 2024