CVE-2025-21893

EPSS 0.02%
Veröffentlicht 31.03.2025 20:15:14
Zuletzt bearbeitet 08.04.2025 15:48:59
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

keys: Fix UAF in key_put()

Once a key's reference count has been reduced to 0, the garbage collector
thread may destroy it at any time and so key_put() is not allowed to touch
the key after that point.  The most key_put() is normally allowed to do is
to touch key_gc_work as that's a static global variable.

However, in an effort to speed up the reclamation of quota, this is now
done in key_put() once the key's usage is reduced to 0 - but now the code
is looking at the key after the deadline, which is forbidden.

Fix this by using a flag to indicate that a key can be gc'd now rather than
looking at the key's refcount in the garbage collector.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.10 < 6.12.21

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.9

Linux ≫ Linux Kernel Version6.14 Updaterc1

Linux ≫ Linux Kernel Version6.14 Updaterc2

Linux ≫ Linux Kernel Version6.14 Updaterc3

Linux ≫ Linux Kernel Version6.14 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/6afe2ea2daec156bd94ad2c5a6f4f4c48240dcd3

Patch

https://git.kernel.org/stable/c/75845c6c1a64483e9985302793dbf0dfa5f71e32

Patch

https://git.kernel.org/stable/c/f6a3cf833188e897c97028cd7b926e3f2cb1a8c0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21893

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21893

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21893

EUVD