SB2025092211 - Use-after-free in Linux kernel fs
Published: September 22, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1edc2feb9c759a9883dfe81cb5ed231412d8b2e4
- https://git.kernel.org/stable/c/b187c976111960e6e54a6b1fff724f6e3d39406c
- https://git.kernel.org/stable/c/bf89b1f87c72df79cf76203f71fbf8349cd5c9de
- https://git.kernel.org/stable/c/c8c14adf80bd1a6e4a1d7ee9c2a816881c26d17a
- https://git.kernel.org/stable/c/d02d2c98d25793902f65803ab853b592c7a96b29
- https://git.kernel.org/stable/c/e63052921f1b25a836feb1500b841bff7a4a0456