Linux Kernel Vulnerability in ublk Driver Disrupts Request Dispatching
CVE-2025-22068
What is CVE-2025-22068?
A vulnerability exists in the Linux kernel's ublk driver, where the handling of requests can lead to potential use-after-free conditions. The driver depends on the ubq->canceling flag to determine whether requests can be dispatched. When the queue is frozen, ubq->canceling needs to be properly set to ensure that commands are canceled and completed reliably, preventing unexpected behavior and potential exploitation. Setting the flag correctly protects against mishandled requests that could compromise system integrity.
Affected Version(s)
Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 7e3497d7dacb5aee69dd9be842b778083cae0e75
Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 5491400589e7572c2d2627ed6384302f7672aa1d
Linux 216c8f5ef0f209a3797292c487bdaa6991ab4b92 < 9158359015f0eda00e521e35b7bc7ebce176aebf