Use-After-Free Vulnerability in Linux Kernel NFS Service
CVE-2025-21796

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-21796?

A use-after-free vulnerability exists within the NFS service of the Linux kernel. When the release function is called for acl_access and acl_default, an incorrect reference state can persist if the acl_default release process fails. This mismatch can lead to a scenario where acl_access retains a dangling pointer to a released memory object, resulting in a warning and potential kernel panic. The vulnerability can compromise the stability and security of systems running the affected kernel versions.
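The dangling-pointer pattern described above, as a userspace C model added here (not kernel code and not from the original page). The struct and function names, the static pool, the `fail_default` trigger and the `clear_after_put` switch are assumptions made for illustration; the hardened variant shows the general release-then-clear mitigation.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: refcount 0 means the object has been released. */
struct acl { int refcount; };
struct getacl_res { struct acl *acl_access, *acl_default; };

static struct acl pool[2];   /* static storage so a stale pointer stays inspectable */
static int stale_puts;       /* releases attempted on an already-released object */

static void acl_put(struct acl *a) {
    if (!a) return;                                  /* cleared pointer: safe no-op */
    if (a->refcount == 0) { stale_puts++; return; }  /* models the refcount warning */
    a->refcount--;
}

/* Handler: takes acl_access, then acl_default; on failure it drops both. */
static int getacl(struct getacl_res *r, int fail_default, int clear_after_put) {
    pool[0].refcount = 1;
    r->acl_access = &pool[0];
    if (!fail_default) {
        pool[1].refcount = 1;
        r->acl_default = &pool[1];
        return 0;
    }
    acl_put(r->acl_access);
    acl_put(r->acl_default);
    if (clear_after_put) {       /* hardened form: never leave a released pointer set */
        r->acl_access = NULL;
        r->acl_default = NULL;
    }
    return -1;
}

/* Release hook: runs after every request, success or failure. */
static void release_getacl(struct getacl_res *r) {
    acl_put(r->acl_access);
    acl_put(r->acl_default);
}

/* Runs one request and returns how many stale releases it caused. */
static int run_request(int fail_default, int clear_after_put) {
    struct getacl_res r = { NULL, NULL };
    stale_puts = 0;
    getacl(&r, fail_default, clear_after_put);
    release_getacl(&r);
    return stale_puts;
}

int main(void) {
    printf("failure, pointers left set: %d stale release(s)\n", run_request(1, 0));
    printf("failure, pointers cleared:  %d stale release(s)\n", run_request(1, 1));
    return 0;
}
```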

Affected Version(s)

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055 < 8a1737ae42c928384ab6447f6ee1a882510e85fa

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055 < 6f7cfee1a316891890c505563aa54f3476db52fd

Linux a257cdd0e2179630d3201c32ba14d7fcb3c3a055 < 2e59b2b68782519560b3d6a41dd66a3d01a01cd3

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
