Use-After-Free Vulnerability in Linux Kernel Affecting Driver Override Functions
CVE-2025-21915

7.8 HIGH

Key Information:

Vendor: Linux
CVE Published: 1 April 2025

What is CVE-2025-21915?

The Linux kernel's driver_override_show() function is susceptible to a Use-After-Free (UAF) condition. If driver_override_show() is called concurrently with driver_override_store(), it can access a freed pointer, potentially exposing sensitive kernel memory addresses. This occurs because driver_override_store() locks the device while updating the value, but driver_override_show() may read driver_override without taking that lock. Unauthorized users can exploit such vulnerabilities to read sensitive kernel data, with severe security implications for systems running affected kernel versions.
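
The locking pattern described above, as an added user-space example that is not kernel code and not taken from the fix itself. The struct and the model_* function names are hypothetical, and a pthread mutex stands in for the device lock as an assumption of the model.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: the mutex plays the role of the device lock, the heap
 * string plays the role of the driver_override value. */
struct model_dev {
    pthread_mutex_t lock;
    char *driver_override;
};

/* Writer: swaps the string while holding the lock, then frees the old one.
 * This mirrors the advisory's statement that the store side locks. */
int model_store(struct model_dev *d, const char *val)
{
    char *fresh = malloc(strlen(val) + 1), *old;
    if (!fresh)
        return -1;
    strcpy(fresh, val);
    pthread_mutex_lock(&d->lock);
    old = d->driver_override;
    d->driver_override = fresh;
    pthread_mutex_unlock(&d->lock);
    free(old);
    return 0;
}

/* Reader, flawed pattern: no lock, so a concurrent model_store() can free
 * the string between the pointer load and the copy (the UAF window). */
int model_show_unlocked(struct model_dev *d, char *buf, size_t n)
{
    return snprintf(buf, n, "%s\n", d->driver_override ? d->driver_override : "");
}

/* Reader, corrected pattern: the copy finishes while the lock is held, so
 * the writer cannot free the string underneath it. NULL is rendered as an
 * empty string in this model. */
int model_show_locked(struct model_dev *d, char *buf, size_t n)
{
    int len;
    pthread_mutex_lock(&d->lock);
    len = snprintf(buf, n, "%s\n", d->driver_override ? d->driver_override : "");
    pthread_mutex_unlock(&d->lock);
    return len;
}
```

Both readers return the same bytes when called alone; they differ only when a writer runs at the same time, which is why the unlocked form passes single-threaded testing and needs review or a race detector to catch.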

Affected Version(s)

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9 < 8473135f89c0949436a22adb05b8cece2fb3da91

Linux 2959ab247061e67485d83b6af8feb3761ec08cb9 < 0439d541aa8d3444ad41c39e39eb71acb57acde3

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved