Use-After-Free Vulnerability in Linux Kernel Affects Systemd Random Seed Functionality
CVE-2025-39866
What is CVE-2025-39866?
A use-after-free vulnerability in the Linux kernel occurs during the execution of the __mark_inode_dirty() function, particularly when the bdi_writeback is in the process of switching. This issue can lead to unintended behavior, including system instability. The root of the problem involves a race condition that arises when the inode spinlock is not held through the completion of wb_wakeup_delayed(), thereby allowing access to already freed memory. The fix for this vulnerability involves retaining the inode spinlock to ensure safe manipulation of the writeback data structure until the process is finished, significantly reducing the risk of exploits.
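The lock ordering described above, as an added example that is not kernel source and not part of the original advisory: a single-threaded userspace model that places the writeback switch at the racy point and reports whether the wakeup touches a released structure. The struct layouts, `try_switch`, `mark_dirty`, `run` and the `freed` flag are hypothetical names for this model, and it assumes the switcher must take the inode lock before it can release the old writeback structure.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: names echo the advisory, the code is not kernel source. */
struct wb    { bool freed; int wakeups; };
struct inode { bool locked; struct wb *wb; };

static struct wb pool[2];  /* static storage, so a "freed" wb can be inspected safely */

/* Model of the writeback switch. Assumption: it needs the inode lock.
 * If it gets the lock, it releases the old wb and attaches the new one. */
static bool try_switch(struct inode *in, struct wb *new_wb)
{
    if (in->locked)
        return false;              /* blocked until the dirtier unlocks */
    in->wb->freed = true;
    in->wb = new_wb;
    return true;
}

/* Stand-in for wb_wakeup_delayed(): true means it touched a freed wb. */
static bool wakeup_delayed(struct wb *wb)
{
    if (wb->freed)
        return true;
    wb->wakeups++;
    return false;
}

/* fixed=false: lock dropped before the wakeup (vulnerable order).
 * fixed=true:  lock held until the wakeup has completed (patched order). */
static bool mark_dirty(struct inode *in, struct wb *new_wb, bool fixed)
{
    in->locked = true;
    struct wb *wb = in->wb;        /* pointer sampled under the lock */
    if (!fixed)
        in->locked = false;
    try_switch(in, new_wb);        /* concurrent switcher scheduled here */
    bool uaf = wakeup_delayed(wb);
    if (fixed)
        in->locked = false;
    return uaf;
}

/* Runs one interleaving from a clean state and reports the outcome. */
static bool run(bool fixed)
{
    pool[0] = (struct wb){0};
    pool[1] = (struct wb){0};
    struct inode in = { .locked = false, .wb = &pool[0] };
    return mark_dirty(&in, &pool[1], fixed);
}

int main(void)
{
    printf("vulnerable order: uaf=%d\n", run(false));
    printf("fixed order:      uaf=%d\n", run(true));
    return 0;
}
```

In the patched order the switcher is refused at the racy point and can only proceed after the wakeup has returned, which is why the stale pointer is never dereferenced.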
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1edc2feb9c759a9883dfe81cb5ed231412d8b2e4
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2