Slab Use-After-Free Vulnerability in Linux Kernel Affecting RTSX USB Memory Stick Driver
CVE-2025-22020

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability in the Linux kernel related to the RTSX USB memory stick driver has been identified, allowing for a slab use-after-free condition during the card polling process. This issue can arise when the driver attempts to remove or detach USB devices improperly, potentially leading to crashes or undefined behavior. The vulnerability has been addressed by ensuring proper memory management in the driver, preventing access to memory that has already been freed. Keeping the kernel updated is essential to mitigate this and similar vulnerabilities.

Affected Version(s)

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 9dfaf4d723c62bda8d9d1340e2e78acf0c190439

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 31f0eaed6914333f42501fc7e0f6830879f5ef2d

References

https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4...

https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e...

https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e...

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Dec 29, 2024