Slab Use-After-Free Vulnerability in Linux Kernel Affecting RTSX USB Memory Stick Driver
CVE-2025-22020

7.8HIGH

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
16 April 2025

Summary

A vulnerability in the Linux kernel related to the RTSX USB memory stick driver has been identified, allowing for a slab use-after-free condition during the card polling process. This issue can arise when the driver attempts to remove or detach USB devices improperly, potentially leading to crashes or undefined behavior. The vulnerability has been addressed by ensuring proper memory management in the driver, preventing access to memory that has already been freed. Keeping the kernel updated is essential to mitigate this and similar vulnerabilities.

Affected Version(s)

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 9dfaf4d723c62bda8d9d1340e2e78acf0c190439

Linux 6827ca573c03385439fdfc8b512d556dc7c54fc9 < 31f0eaed6914333f42501fc7e0f6830879f5ef2d

References

https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4...
https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e...
https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-22020 : Slab Use-After-Free Vulnerability in Linux Kernel Affecting RTSX USB Memory Stick Driver | SecurityVulnerability.io