Use-After-Free Vulnerability in Linux Kernel’s RDMA Core Component
CVE-2025-22085

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

Summary

A use-after-free vulnerability was discovered in the RDMA core of the Linux kernel. This flaw could be exploited when renaming device names, potentially leading to memory corruption. The issue was identified by Syzbot, which reported a slab-use-after-free scenario revealed through a detailed call trace. The affected code segments include nla_put and device registration functions within the RDMA core framework. Prompt patching is essential to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

Linux 9cbed5aab5aeea420d0aa945733bf608449d44fb < 0d6460b9d2a3ee380940bdf47680751ef91cb88e

Linux 9cbed5aab5aeea420d0aa945733bf608449d44fb < 56ec8580be5174b2b9774066e60f1aad56d201db

Linux 9cbed5aab5aeea420d0aa945733bf608449d44fb

References

https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47...

https://git.kernel.org/stable/c/56ec8580be5174b2b9774066e...

https://git.kernel.org/stable/c/edf6b543e81ba68c6dbac2499...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025