SB2025071104 - Use-after-free in Linux kernel md bcache driver
Published: July 11, 2025
Security Bulletin ID
SB2025071104
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1e46ed947ec658f89f1a910d880cd05e42d3763e
- https://git.kernel.org/stable/c/1f25f2d3fa29325320c19a30abf787e0bd5fc91b
- https://git.kernel.org/stable/c/3f9e128186c99a117e304f1dce6d0b9e50c63cd8
- https://git.kernel.org/stable/c/553f560e0a74a7008ad9dba05c3fd05da296befb
- https://git.kernel.org/stable/c/667c3f52373ff5354cb3543e27237eb7df7b2333
- https://git.kernel.org/stable/c/c4f5e7e417034b05f5d2f5fa9a872db897da69bd