Use After Free Vulnerability in Linux Kernel's Zram Component
CVE-2025-21671

7.8HIGH

Key Information:

Vendor
Linux
Status
Vendor
CVE Published:
31 January 2025

Summary

The vulnerability is a potential use-after-free in the Zram component of the Linux kernel. If initialization in zram_meta_alloc fails early, the memory allocated for zram->table is freed but the pointer is not set to NULL. zram_meta_free can then access the stale table through that dangling pointer, leading to undefined behavior or security risks when a user resets the failed, uninitialized device.
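The following is an added, constructed model of the error-path pattern the summary describes, not the kernel's zram code: a tiny tracking allocator stands in for the kernel allocator so that a free of already-freed memory is counted instead of crashing, and all names (`zram_model`, `meta_alloc`, `meta_free`, `reset_after_failed_init`, `later_init_fails`) are assumptions made for illustration. It runs the same scenario twice, once with the dangling pointer left in place and once with the pointer cleared after the free, so the difference in behavior on the reset path is observable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the pattern in the advisory summary. This is not the
 * kernel's zram code; every identifier below is an assumption for illustration. */

/* Tracking allocator: remembers which blocks are live so that freeing a block
 * that was already freed is recorded rather than corrupting the heap. */
#define MAX_BLOCKS 8
static void *live[MAX_BLOCKS];
static int   n_live;
static int   double_free_count;

static void *tracked_alloc(size_t bytes)
{
    void *p = calloc(1, bytes);
    if (p && n_live < MAX_BLOCKS)
        live[n_live++] = p;
    return p;
}

static void tracked_free(void *p)
{
    for (int i = 0; i < n_live; i++) {
        if (live[i] == p) {
            live[i] = live[--n_live];   /* drop from the live set */
            free(p);
            return;
        }
    }
    double_free_count++;                /* p is not live: free of freed memory */
}

struct zram_model {
    void  *table;      /* per-page entry table; NULL when not allocated */
    size_t num_pages;
};

/* Stand-in for a later initialization step that can fail. Which step fails
 * in the real driver is not modelled here (assumption). */
static bool later_init_fails;

/* Allocate metadata. With fixed == false the error path frees the table but
 * leaves z->table dangling, which is the defect the advisory describes. */
static int meta_alloc(struct zram_model *z, size_t num_pages, bool fixed)
{
    z->num_pages = num_pages;
    z->table = tracked_alloc(num_pages * sizeof(unsigned long));
    if (!z->table)
        return -1;

    if (later_init_fails) {
        tracked_free(z->table);
        if (fixed)
            z->table = NULL;   /* the fix: clear the pointer after freeing */
        return -1;
    }
    return 0;
}

/* Tear down metadata; only a NULL check guards the table, so a dangling
 * pointer is taken for a valid one. */
static void meta_free(struct zram_model *z)
{
    if (!z->table)
        return;
    tracked_free(z->table);   /* with a dangling pointer: use after free */
    z->table = NULL;
}

/* Scenario from the advisory: initialization fails early, then the user
 * resets the uninitialized device. Returns how many frees of already-freed
 * memory were observed: 1 on the buggy path, 0 with the fix applied. */
int reset_after_failed_init(bool fixed)
{
    struct zram_model z = { 0 };
    double_free_count = 0;
    n_live = 0;
    later_init_fails = true;

    (void)meta_alloc(&z, 16, fixed);   /* fails; table has been freed */
    meta_free(&z);                     /* device reset path */
    return double_free_count;
}

int main(void)
{
    printf("buggy path: %d bad free(s); fixed path: %d bad free(s)\n",
           reset_after_failed_init(false), reset_after_failed_init(true));
    return 0;
}
```

The detection value here is the NULL check alone: it cannot distinguish a never-allocated table from a freed one, so clearing the pointer on every free path is what makes the later reset safe. Tools such as KASAN would flag the real kernel case at the first access through the stale pointer; this model only counts it.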

Affected Version(s)

Linux ac3b5366b9b7c9d97b606532ceab43d2329a22f3

Linux 0b5b0b65561b34e6e360de317e4bcd031bfabf42 < 571d3f6045cd3a6d9f6aec33b678f3ffe97582ef

Linux 6fb92e9a52e3feae309a213950f21dfcd1eb0b40 < 902ef8f16d5ca77edc77c30656be54186c1e99b7

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved