CVE-2025-21631

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A use-after-free vulnerability has been resolved in the Linux kernel. The issue is related to the bfq init rq function in the block/bfq-iosched.c file, where a slab-use-after-free error occurs. The vulnerability was reported by syzkaller for Linux kernel version 6.6. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the bfq init rq function until a patch is available. Restrict access to the vulnerable block/bfq-iosched.c module to minimize the risk of exploitation. Avoid using the bfq get queue function in the affected API endpoint until the issue is resolved.