CVE-2025-68372

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free (UAF) issue within the Network Block Device (NBD) subsystem. The issue occurs in the recv work function when handling NBD CLEAR SOCK and NBD CMD RECONFIGURE operations. Specifically, the config put function is called at an incorrect time, potentially leading to the config structure being freed while recv work is still running. This can happen in scenarios involving network connections with or without the NBD CFLAG DESTROY ON DISCONNECT flag. The root cause is related to the timing of nbd config put() and the completion of worker threads. The issue is triggered by calls to flush workqueue() in nbd start device ioctl(). The vulnerable code paths involve functions such as nbd genl connect, nbd open, nbd release, nbd disconnect and put, and recv work. The config->recv threads atomic counter is decremented after the configuration is freed, leading to the UAF condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.