Use-After-Free Vulnerability in Linux Kernel Affecting Driver Override Functions
CVE-2025-21915

7.8 HIGH

Key Information:

Vendor: Linux
Status
Vendor
CVE Published: 1 April 2025

Summary

The Linux kernel's driver_override_show() function is susceptible to a use-after-free (UAF) condition. If driver_override_show() runs concurrently with driver_override_store(), it can dereference a pointer that has already been freed, potentially exposing sensitive kernel memory addresses. The cause is asymmetric locking: driver_override_store() locks the device while it updates the value, but driver_override_show() may read driver_override without taking that lock. Such vulnerabilities can be exploited by unauthorized users to read sensitive kernel data, resulting in severe security implications for systems using affected kernel versions.
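The locking asymmetry described above, as an added userspace model in C (not kernel code and not taken from the kernel fix). The names `device_model`, `model_store`, `model_show` and the sample driver strings are assumptions; the device lock is a flag and the concurrent writer is injected at a fixed point so the outcome is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model: a "freed" string is only marked dead, never released. */
struct ovr { char name[32]; bool live; };

struct device_model {
    bool locked;                  /* stands in for device_lock()/device_unlock() */
    struct ovr *driver_override;  /* pointer that show() reads and store() replaces */
    struct ovr pool[4];
    int next;
};

/* store(): under the lock, free the old string and install the new one. */
static bool model_store(struct device_model *d, const char *val)
{
    if (d->locked) return false;  /* a real writer would block here instead */
    d->locked = true;
    if (d->driver_override) d->driver_override->live = false; /* models kfree(old) */
    struct ovr *n = &d->pool[d->next++ % 4];
    snprintf(n->name, sizeof n->name, "%s", val);
    n->live = true;
    d->driver_override = n;
    d->locked = false;
    return true;
}

/* show(): 0 on a clean read, -1 if the string was freed between load and use. */
static int model_show(struct device_model *d, bool take_lock, char *buf, size_t len)
{
    if (take_lock) d->locked = true;
    struct ovr *p = d->driver_override;              /* load the pointer */
    bool stored = model_store(d, "racer_drv");       /* concurrent writer arrives */
    int rc = p->live ? 0 : -1;                       /* stale if freed meanwhile */
    snprintf(buf, len, "%s\n", p->name);
    if (take_lock) d->locked = false;
    if (!stored) model_store(d, "racer_drv");        /* blocked writer proceeds */
    return rc;
}

int main(void)
{
    struct device_model a = {0}, b = {0};
    char buf[34];
    model_store(&a, "first_drv");                    /* constructed sample value */
    model_store(&b, "first_drv");
    printf("unlocked show: %d\n", model_show(&a, false, buf, sizeof buf));
    printf("locked show:   %d\n", model_show(&b, true, buf, sizeof buf));
    return 0;
}
```

With the lock held across the read, the writer is serialized behind the reader and the update still lands afterwards; without it, the reader formats output from a string the writer has already freed.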

Affected Version(s)

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9 < 8473135f89c0949436a22adb05b8cece2fb3da91

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9 < 0439d541aa8d3444ad41c39e39eb71acb57acde3

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
