Use-After-Free Vulnerability in Linux Kernel Affecting SCSI Host Adapters
CVE-2025-68324

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 December 2025

What is CVE-2025-68324?

A use-after-free vulnerability has been identified in the Linux kernel's SCSI subsystem, specifically affecting the IMM parallel port SCSI host adapter. This occurs when the delayed work item 'imm_tq', initialized in imm_attach() and scheduled through imm_queuecommand(), is still processing commands after the adapter has been detached via imm_detach(). When imm_detach() is called, it deallocates the imm_struct memory, but if a delayed work continues running, it may access this freed memory, causing potential memory corruption issues. To mitigate this, adding disable_delayed_work_sync() in imm_detach() will ensure that any pending delayed work is properly canceled before the memory is released.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 31ab2aad7a7b7501e904a09bf361e44671f66092

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 48dd41fa2d6c6a0c50e714deeba06ffe7f91961b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9e434426cc23ad5e2aad649327b59aea00294b13

References

https://git.kernel.org/stable/c/31ab2aad7a7b7501e904a09bf...
https://git.kernel.org/stable/c/48dd41fa2d6c6a0c50e714dee...
https://git.kernel.org/stable/c/9e434426cc23ad5e2aad64932...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.