Linux Kernel Vulnerability in ublk Driver Disrupts Request Dispatching
CVE-2025-22068

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability exists in the Linux kernel's ublk driver, where the handling of requests can lead to potential use-after-free conditions. This arises from the dependency of the driver on the ubq->canceling flag for determining whether requests can be dispatched. When the queue is frozen, the ubq->canceling status needs to be properly set to ensure that commands are canceled and completed reliably, preventing unexpected behavior and potential exploitation. Proper implementation protects against mishandled requests that could compromise system integrity.

Affected Version(s)

Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 7e3497d7dacb5aee69dd9be842b778083cae0e75

Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 5491400589e7572c2d2627ed6384302f7672aa1d

Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 9158359015f0eda00e521e35b7bc7ebce176aebf

References

https://git.kernel.org/stable/c/7e3497d7dacb5aee69dd9be84...

https://git.kernel.org/stable/c/5491400589e7572c2d2627ed6...

https://git.kernel.org/stable/c/9158359015f0eda00e521e35b...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025