Use-After-Free Vulnerability in Linux Kernel Affecting SCSI Host Adapters
CVE-2025-68324

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 18 December 2025

What is CVE-2025-68324?

A use-after-free vulnerability has been identified in the Linux kernel's SCSI subsystem, specifically affecting the IMM parallel port SCSI host adapter. The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled through imm_queuecommand(), and it can still be processing commands after the adapter has been detached via imm_detach(). imm_detach() deallocates the imm_struct memory, so delayed work that continues running may access the freed memory, potentially causing memory corruption. Adding disable_delayed_work_sync() to imm_detach() mitigates this by ensuring that any pending delayed work is canceled before the memory is released.
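The ordering problem described above, as an added user-space model in C (not the kernel driver's code and not from this advisory). The struct and function names are hypothetical stand-ins for imm_struct, imm_tq, imm_attach(), imm_queuecommand(), imm_detach() and disable_delayed_work_sync(), and the model is single-threaded, so "freed" is a flag rather than a real kfree().

```c
/* User-space model of the detach vs. delayed-work ordering (constructed). */
#include <stdbool.h>
struct adapter;                       /* stands in for imm_struct */
struct delayed_work {
    bool pending;                     /* queued, timer not yet fired */
    bool disabled;                    /* further queueing is refused */
    struct adapter *owner;
};
struct adapter {
    bool live;                        /* false models memory after kfree() */
    int cmds_done;
    struct delayed_work tq;           /* stands in for imm_tq */
};
static int stale_accesses;            /* work ran against a released adapter */
static void attach(struct adapter *a) {            /* models imm_attach() */
    a->live = true; a->cmds_done = 0;
    a->tq = (struct delayed_work){ false, false, a };
}
static bool queue_command(struct adapter *a) {     /* models imm_queuecommand() */
    if (a->tq.disabled) return false;
    a->tq.pending = true;
    return true;
}
/* Timer expiry: the work function runs only if it is still pending. */
static void timer_fires(struct delayed_work *w) {
    if (!w->pending) return;
    w->pending = false;
    if (w->owner->live) w->owner->cmds_done++;
    else stale_accesses++;            /* in the kernel: access to freed memory */
}
/* Models disable_delayed_work_sync(): cancel pending work, block re-queue. */
static void disable_work_sync(struct delayed_work *w) {
    w->pending = false; w->disabled = true;
}
static void detach(struct adapter *a, bool fixed) { /* models imm_detach() */
    if (fixed) disable_work_sync(&a->tq);           /* the added call */
    a->live = false;                                /* models freeing imm_struct */
}
/* Scenario from the text: command queued, adapter detached, then timer fires. */
static int run_scenario(bool fixed) {
    static struct adapter a;          /* static storage, so never really freed */
    stale_accesses = 0;
    attach(&a);
    queue_command(&a);
    detach(&a, fixed);
    timer_fires(&a.tq);
    return stale_accesses;
}
int main(void) { return !(run_scenario(false) == 1 && run_scenario(true) == 0); }
```

Without the cancel step the work item outlives its owner and the model counts one stale access; with it the count is zero.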

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 31ab2aad7a7b7501e904a09bf361e44671f66092

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 48dd41fa2d6c6a0c50e714deeba06ffe7f91961b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9e434426cc23ad5e2aad649327b59aea00294b13
