Use-After-Free Vulnerability in Linux Kernel NFS Service
CVE-2025-21796

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A use-after-free vulnerability exists within the NFS service of the Linux kernel. When the release function is called for acl_access and acl_default, an incorrect reference state can persist if the acl_default release process fails. This mismatch can lead to a scenario where acl_access retains a dangling pointer to a released memory object, resulting in a warning and potential kernel panic. The vulnerability can compromise the stability and security of systems running the affected kernel versions.

Affected Version(s)

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055 < 2e59b2b68782519560b3d6a41dd66a3d01a01cd3

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055 < 55d947315fb5f67a35e4e1d3e01bb886b9c6decf

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055

References

https://git.kernel.org/stable/c/2e59b2b68782519560b3d6a41...

https://git.kernel.org/stable/c/55d947315fb5f67a35e4e1d3e...

https://git.kernel.org/stable/c/f8d871523142f7895f250a856...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024