Slab-Use-After-Free Vulnerability in Linux Kernel Affecting Audio-Visual Components
CVE-2025-21968

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 April 2025

Summary

The Linux kernel contained a slab-use-after-free vulnerability in the HDCP (High-bandwidth Digital Content Protection) workflow. The issue occurred when HDCP was destroyed but the property_validate_dwork delayed work was still queued and continued to execute. The fix cancels the delayed work when the workqueue is destroyed, so that no stale references remain that could lead to memory corruption or exploitation.
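
The teardown ordering described above, as an added example that is not kernel or driver code: a single-threaded userspace C model in which hdcp_work, the model_* helpers and run_teardown are hypothetical names, and only property_validate_dwork comes from the advisory. It counts how many times the work runs against an already destroyed object, with and without cancelling first.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model constructed for illustration; not kernel code. */
struct delayed_work { void (*fn)(struct delayed_work *); };
struct hdcp_work {                     /* hypothetical stand-in for the HDCP object */
    struct delayed_work property_validate_dwork;
    bool alive;                        /* false once the object is "freed" */
};

static struct hdcp_work slab;          /* static storage, so a "freed" object stays readable */
static struct delayed_work *pending;   /* one timer slot standing in for the workqueue */
static int stale_runs;                 /* runs on a destroyed object (what KASAN would flag) */

static void property_validate(struct delayed_work *dw)
{
    struct hdcp_work *w = (struct hdcp_work *)
        ((char *)dw - offsetof(struct hdcp_work, property_validate_dwork));
    if (!w->alive)                     /* in the kernel this access is the use-after-free */
        stale_runs++;
}

static void model_schedule(struct delayed_work *dw) { pending = dw; }
static void model_cancel(struct delayed_work *dw) { if (pending == dw) pending = NULL; }
static void model_timer_fires(void)
{
    struct delayed_work *dw = pending;
    pending = NULL;
    if (dw) dw->fn(dw);
}

static void hdcp_destroy(struct hdcp_work *w, bool cancel_first)
{
    if (cancel_first)                  /* the fix: cancel the delayed work before teardown */
        model_cancel(&w->property_validate_dwork);
    w->alive = false;                  /* models freeing the object */
}

/* Returns how many times the work ran against a destroyed object. */
int run_teardown(bool cancel_first)
{
    stale_runs = 0;
    slab = (struct hdcp_work){ .property_validate_dwork = { property_validate }, .alive = true };
    model_schedule(&slab.property_validate_dwork);
    hdcp_destroy(&slab, cancel_first);
    model_timer_fires();               /* the delay expires after teardown */
    return stale_runs;
}

int main(void) { return (run_teardown(false) == 1 && run_teardown(true) == 0) ? 0 : 1; }
```

In the kernel, the counterpart of model_cancel is a primitive such as cancel_delayed_work_sync(), which also waits for a work item that is already running, something this single-threaded model does not represent.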

Affected Version(s)

Linux da3fd7ac0bcf372cc57117bdfcd725cca7ef975a < 06acfdef370ae018dad9592369e2d2fd9a40c09e

Linux da3fd7ac0bcf372cc57117bdfcd725cca7ef975a < 1397715b011bcdc6ad91b17df7acaee301e89db5

Linux da3fd7ac0bcf372cc57117bdfcd725cca7ef975a < 4964dbc4191ab436877a5e3ecd9c67a4e50b7c36

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved