SB2025090456 - Use-after-free in Linux kernel block drbd driver
Published: September 4, 2025
Security Bulletin ID
SB2025090456
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-38708)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the handle_write_conflicts() function in drivers/block/drbd/drbd_receiver.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/00c9c9628b49e368d140cfa61d7df9b8922ec2a8
- https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a36ca79c2bca62e5
- https://git.kernel.org/stable/c/3a896498f6f577e57bf26aaa93b48c22b6d20c20
- https://git.kernel.org/stable/c/46e3763dcae0ffcf8fcfaff4fc10a90a92ffdd89
- https://git.kernel.org/stable/c/57418de35420cedab035aa1da8a26c0499b7f575
- https://git.kernel.org/stable/c/7d483ad300fc0a06f69b019dda8f74970714baf8
- https://git.kernel.org/stable/c/810cd546a29bfac90ed1328ea01d693d4bd11cb1
- https://git.kernel.org/stable/c/84ef8dd3238330d1795745ece83b19f0295751bf
- https://git.kernel.org/stable/c/9f53b2433ad248cd3342cc345f56f5c7904bd8c4