Use-After-Free Vulnerability in Marvell SAS/SATA Controller - Linux Kernel
CVE-2025-40001
What is CVE-2025-40001?
A use-after-free vulnerability exists in the Linux kernel code for the Marvell SAS/SATA controller. During detachment of this controller, asynchronous work that is not properly canceled can keep running and operate on memory that has already been freed. This leads to undefined behavior, which may be exploited by attackers to execute arbitrary code or crash the system. To mitigate this issue, the code has been updated to ensure that delayed work items are reliably canceled before the memory they rely on is deallocated, so that work can no longer touch freed memory during device removal.
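The ordering problem described above, as an added user-space model (not kernel or driver code, and not part of the original advisory): a worker thread stands in for the delayed work item, and the object is only marked released rather than freed, so the demo itself never touches invalid memory. All names (`struct ctrl`, `cancel_nosync`, `cancel_sync`, `detach`) are hypothetical; the two cancel helpers mirror the difference between the kernel's `cancel_delayed_work()` and `cancel_delayed_work_sync()`.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>
/* Hypothetical user-space stand-in for a controller's private data. */
struct ctrl {
    pthread_t worker;                  /* models the delayed work item */
    atomic_bool running;               /* handler has started executing */
    atomic_bool released;              /* detach has "freed" the object */
    atomic_bool touched_after_release; /* handler ran on released state */
};

static void *work_handler(void *arg)
{
    struct ctrl *c = arg;
    atomic_store(&c->running, true);
    usleep(50000); /* handler is still in flight while detach proceeds */
    /* A driver would dereference c here; the model only records ordering. */
    atomic_store(&c->touched_after_release, atomic_load(&c->released));
    return NULL;
}

/* Non-waiting cancel: only stops work that has not started yet. */
static bool cancel_nosync(struct ctrl *c) { return !atomic_load(&c->running); }
/* Waiting cancel: returns only after a running handler has finished. */
static void cancel_sync(struct ctrl *c) { pthread_join(c->worker, NULL); }

/* Runs one detach; returns true if the handler outlived the release. */
static bool detach(bool use_sync)
{
    struct ctrl c = {0}; /* never actually freed, so the demo itself is safe */
    pthread_create(&c.worker, NULL, work_handler, &c);
    while (!atomic_load(&c.running)) usleep(100); /* handler now executing */
    if (use_sync)
        cancel_sync(&c);
    else
        (void)cancel_nosync(&c); /* fails silently: work already running */
    atomic_store(&c.released, true); /* stands in for freeing the object */
    if (!use_sync) pthread_join(c.worker, NULL); /* only to read the result */
    return atomic_load(&c.touched_after_release);
}

int main(void)
{
    printf("no-wait cancel, late access: %d\n", detach(false));
    printf("waiting cancel, late access: %d\n", detach(true));
    return 0;
}
```

With the non-waiting cancel, the handler observes the object after release; with the waiting cancel, it never does.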
Affected Version(s)
Linux 20b09c2992fefbe78f8cede7b404fb143a413c52 < 60cd16a3b7439ccb699d0bf533799eeb894fd217
Linux 2.6.31