SB2025102046 - Use-after-free in Linux kernel scsi mvsas driver
Published: October 20, 2025
Security Bulletin ID
SB2025102046
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-40001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/00d3af40b158ebf7c7db2b3bbb1598a54bf28127
- https://git.kernel.org/stable/c/3c90f583d679c81a5a607a6ae0051251b6dee35b
- https://git.kernel.org/stable/c/60cd16a3b7439ccb699d0bf533799eeb894fd217
- https://git.kernel.org/stable/c/6ba7e73cafd155a5d3abf560d315f0bab2b9d89f
- https://git.kernel.org/stable/c/c2c35cb2a31844f84f21ab364b38b4309d756d42
- https://git.kernel.org/stable/c/feb946d2fc9dc754bf3d594d42cd228860ff8647