7.8

CVE-2025-22088

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

In the Linux kernel, the following vulnerability has been resolved:

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

After the erdma_cep_put(new_cep) being called, new_cep will be freed,
and the following dereference will cause a UAF problem. Fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.134
LinuxLinux Kernel Version >= 6.2 < 6.6.87
LinuxLinux Kernel Version >= 6.7 < 6.12.23
LinuxLinux Kernel Version >= 6.13 < 6.13.11
LinuxLinux Kernel Version >= 6.14 < 6.14.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4
Patch
https://git.kernel.org/stable/c/667a628ab67d359166799fad89b3c6909599558a
Patch
https://git.kernel.org/stable/c/a114d25d584c14019d31dbf2163780c47415a187
Patch
https://git.kernel.org/stable/c/78411a133312ce7d8a3239c76a8fd85bca1cc10f
Patch
https://git.kernel.org/stable/c/7aa6bb5276d9fec98deb05615a086eeb893854ad
Patch
https://git.kernel.org/stable/c/83437689249e6a17b25e27712fbee292e42e7855
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html