SB2025090844 - Use-after-free in Linux kernel fs
Published: September 8, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-39691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the __end_buffer_read_notouch() function in fs/buffer.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/03b40bf5d0389ca23ae6857ee25789f0e0b47ce8
- https://git.kernel.org/stable/c/042cf48ecf67f72c8b3846c7fac678f472712ff3
- https://git.kernel.org/stable/c/3169edb8945c295cf89120fc6b2c35cfe3ad4c9e
- https://git.kernel.org/stable/c/70a09115da586bf662c3bae9c0c4a1b99251fad9
- https://git.kernel.org/stable/c/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49
- https://git.kernel.org/stable/c/90b5193edb323fefbee0e4e5bc39ed89dcc37719
- https://git.kernel.org/stable/c/c58c6b532b7b69537cfd9ef701c7e37cdcf79dc4
- https://git.kernel.org/stable/c/c5aa6ba1127307ab5dc3773eaf40d73a3423841f