Use-After-Free Vulnerability in Marvell SAS/SATA Controller - Linux Kernel
CVE-2025-40001

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 18 October 2025

Badges

📰 News Worthy

What is CVE-2025-40001?

CVE-2025-40001 is a use-after-free in the Linux kernel driver for Marvell SAS/SATA controllers. When the controller is detached, the driver frees its per-device state while delayed work it scheduled earlier may still be pending; when that work later runs, it dereferences memory that has already been released. Touching freed kernel memory is undefined behaviour: the most likely outcome is a kernel crash (denial of service), and, depending on what the freed slab object has since been reused for, memory corruption that could in principle be turned into code execution in kernel context. Reaching the bug requires the controller's removal path to run (hot-unplug, driver unbind or module removal) while work is still queued, so the window is narrow and an attacker's control over it is limited. The fix reorders the removal path so that the delayed work items are reliably cancelled before the memory they rely on is freed; for the race to be closed rather than merely narrowed, the cancellation must also wait for a handler that is already executing to finish.
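The ordering bug described above, as an added userspace model that is not mvsas driver code and not part of the original page: a delayed work item is queued against a per-host object, the "detach" path frees that object, and the item runs afterwards. All names ending in `_model`, `host_model` and `host_work_handler` are hypothetical stand-ins for the kernel's `struct delayed_work`, `queue_delayed_work()`, `cancel_delayed_work_sync()` and `kfree()`. The model is single-threaded and poisons rather than releases memory so the late access can be observed deterministically; in a real kernel the same access is undefined behaviour that KASAN would report as a use-after-free.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Model of the delayed-work vs. free ordering bug behind CVE-2025-40001.
 * Hypothetical names; the kernel primitives being modelled are
 * queue_delayed_work(), cancel_delayed_work_sync() and kfree(). */

#define LIVE_MAGIC  0x6d767361u  /* object is valid */
#define FREED_MAGIC 0xdeadbeefu  /* poison written by kfree_model() */

/* Stand-in for the controller's per-host state the work item dereferences. */
struct host_model {
    unsigned int magic;
    int pending_cmds;
};

/* Stand-in for struct delayed_work: handler plus the object it will touch. */
struct delayed_work_model {
    void (*fn)(struct host_model *);
    struct host_model *host;
    bool queued;
};

static struct delayed_work_model *pending_work; /* one-slot "workqueue" */
static int uaf_hits;                            /* handler runs on freed host */

static void queue_delayed_work_model(struct delayed_work_model *w)
{
    w->queued = true;
    pending_work = w;
}

/* Dequeue; the real cancel_delayed_work_sync() also waits for a running handler. */
static void cancel_delayed_work_sync_model(struct delayed_work_model *w)
{
    w->queued = false;
    if (pending_work == w)
        pending_work = NULL;
}

/* Timer expiry: run whatever is still queued. */
static void run_pending_work(void)
{
    struct delayed_work_model *w = pending_work;
    pending_work = NULL;
    if (w && w->queued) {
        w->queued = false;
        w->fn(w->host);
    }
}

/* Poison instead of releasing, so the model can observe the late access.
 * In a real kernel the slab may already be reused: undefined behaviour. */
static void kfree_model(struct host_model *h)
{
    h->magic = FREED_MAGIC;
}

/* The work handler: touches the host state it was scheduled for. */
static void host_work_handler(struct host_model *h)
{
    if (h->magic != LIVE_MAGIC) {
        uaf_hits++;          /* this is the use-after-free */
        return;
    }
    h->pending_cmds--;
}

/* Constructed setup: a live host with one delayed work item queued against it. */
static struct host_model *setup(struct delayed_work_model *w)
{
    struct host_model *h = calloc(1, sizeof(*h));
    if (!h)
        abort();
    h->magic = LIVE_MAGIC;
    h->pending_cmds = 1;
    w->fn = host_work_handler;
    w->host = h;
    queue_delayed_work_model(w);
    return h;
}

/* Buggy detach: free the host while its work is still queued. Returns UAF hits. */
int detach_vulnerable(void)
{
    struct delayed_work_model w = {0};
    struct host_model *h = setup(&w);
    int before = uaf_hits;

    kfree_model(h);          /* device removed, state "freed" */
    run_pending_work();      /* timer fires later: handler touches freed state */
    free(h);
    return uaf_hits - before;
}

/* Fixed detach: cancel (and, in the kernel, wait for) the work, then free. */
int detach_fixed(void)
{
    struct delayed_work_model w = {0};
    struct host_model *h = setup(&w);
    int before = uaf_hits;

    cancel_delayed_work_sync_model(&w);
    kfree_model(h);
    run_pending_work();      /* nothing queued, handler never runs */
    free(h);
    return uaf_hits - before;
}
```

`detach_vulnerable()` reports one handler invocation on a poisoned host; `detach_fixed()` reports none, because the only thing that changed is that cancellation happens before the free. The same rule applies to any driver that owns timers or work items: cancel synchronously first, free second.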

Affected Version(s)

Linux kernel (git): commits from 20b09c2992fefbe78f8cede7b404fb143a413c52 up to, but not including, the fixing commit 6ba7e73cafd155a5d3abf560d315f0bab2b9d89f

News Articles

CVE-2025-40001 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-40001 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

Timeline

  • 📰 First article discovered by wiz.io

  • Vulnerability published

  • Vulnerability reserved