PT-2025-16766 · Linux+9 · Linux Kernel+9

Published

2025-03-04

·

Updated

2026-04-20

·

CVE-2025-22126

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free vulnerability has been identified in the Linux kernel. The issue occurs while iterating the all mddevs list from md notify reboot() and md exit(), where list for each entry safe is used. This can lead to a race condition with deleting the next mddev, causing a use-after-free error. The problem arises because the old helper for each mddev() grabbed the reference of the next mddev while holding the lock to prevent it from being freed. To fix this issue, the code has been modified to use list for each entry, and a helper function mddev put locked() has been factored out.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:9080
BDU:2025-12105
CVE-2025-22126
DLA-4193-1
DSA-5907-1
ECHO-6284-3021-582F
INFSA-2025_9080
OESA-2025-1625
OESA-2025-1629
RHSA-2025:10536
RHSA-2025:10547
RHSA-2025:10701
RHSA-2025:9080
RHSA-2025_9080
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu