
CVE-2024-53166: High Vulnerability in Linux Kernel

A high-severity vulnerability has been identified in the Linux kernel, specifically affecting the bfq_limit_depth function. Organizations are advised to patch their systems promptly to mitigate risks related to potential use-after-free conditions.

Severity: HIGH · CVSS 7.8 · Published December 27, 2024


In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq UAF in bfq_limit_depth(). Setting a newly allocated bfqq on the bic, and removing a freed bfqq from the bic, are both done under bfqd->lock; bfq_limit_depth(), however, dereferences bfqq from the bic without holding that lock. If the io_context is shared by multiple tasks, one task can free the bfqq while another is still using a pointer it read without the lock, which is a use-after-free (UAF). For example, testing bfq with io_uring can trigger this UAF on v6.6. Organizations should prioritize patching immediately.
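The bug class described above is a pointer read outside the lock that protects the pointer's lifetime. The C program below is an added illustration written for this page; it is not kernel code and not the upstream fix. It models bfqd, the bic and bfqq as plain structs, stands in for bfqd->lock with a held flag, poisons a "freed" queue instead of freeing it so the stale dereference is detectable, and interposes the release path explicitly so the race plays out deterministically. Function and field names other than those the advisory mentions are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the objects the advisory names (illustration only). */
struct bfq_queue {
    unsigned int depth;
    bool freed;            /* poison marker: set when the queue is released */
};

struct bfq_io_cq {         /* "bic", shared by every task using one io_context */
    struct bfq_queue *bfqq;
};

struct bfq_data {          /* "bfqd"; bfqd->lock is modelled as a held flag */
    bool lock_held;
};

static void bfqd_lock(struct bfq_data *bfqd)   { bfqd->lock_held = true; }
static void bfqd_unlock(struct bfq_data *bfqd) { bfqd->lock_held = false; }

/* Writer side (another task sharing the io_context): detach the queue from the
 * bic and release it, both under bfqd->lock as the advisory describes.
 * Returns false if the lock is held, i.e. the writer would have to wait. */
static bool release_bfqq(struct bfq_data *bfqd, struct bfq_io_cq *bic)
{
    if (bfqd->lock_held)
        return false;                  /* blocked: a reader is inside the lock */
    bfqd_lock(bfqd);
    struct bfq_queue *q = bic->bfqq;
    bic->bfqq = NULL;
    if (q)
        q->freed = true;               /* the kernel would free the object here */
    bfqd_unlock(bfqd);
    return true;
}

/* Outcome codes returned by the two reader variants. */
enum { DEPTH_OK = 0, DEPTH_NO_QUEUE = -1, DEPTH_UAF = -2 };

/* Vulnerable shape: load bic->bfqq with no lock, get preempted by a task that
 * releases the queue, then dereference the stale pointer. */
static int limit_depth_unlocked(struct bfq_data *bfqd, struct bfq_io_cq *bic,
                                unsigned int *depth_out)
{
    struct bfq_queue *q = bic->bfqq;   /* read without bfqd->lock */
    if (!q)
        return DEPTH_NO_QUEUE;
    release_bfqq(bfqd, bic);           /* the other task runs here and frees q */
    if (q->freed)
        return DEPTH_UAF;              /* in the kernel: a read of freed memory */
    *depth_out = q->depth;
    return DEPTH_OK;
}

/* Hardened shape: hold bfqd->lock across both the load and the use of bfqq, so
 * the release path cannot run until the value has been consumed. The blocked
 * writer is retried after the unlock, as a waiting task would proceed. */
static int limit_depth_locked(struct bfq_data *bfqd, struct bfq_io_cq *bic,
                              unsigned int *depth_out)
{
    int rc;
    bfqd_lock(bfqd);
    struct bfq_queue *q = bic->bfqq;
    bool writer_blocked = !release_bfqq(bfqd, bic); /* other task tries now */
    if (!q) {
        rc = DEPTH_NO_QUEUE;
    } else if (q->freed) {
        rc = DEPTH_UAF;                /* unreachable: the writer was blocked */
    } else {
        *depth_out = q->depth;
        rc = DEPTH_OK;
    }
    bfqd_unlock(bfqd);
    if (writer_blocked)
        release_bfqq(bfqd, bic);       /* writer gets the lock after the reader */
    return rc;
}

static unsigned int g_last_depth;      /* depth read by the most recent scenario */

/* Run one complete scenario (constructed input: a live queue with depth 16)
 * through either reader variant and return its outcome code. */
static int run_scenario(bool use_lock)
{
    struct bfq_data bfqd = { .lock_held = false };
    struct bfq_queue q = { .depth = 16, .freed = false };
    struct bfq_io_cq bic = { .bfqq = &q };
    g_last_depth = 0;
    return use_lock ? limit_depth_locked(&bfqd, &bic, &g_last_depth)
                    : limit_depth_unlocked(&bfqd, &bic, &g_last_depth);
}

static unsigned int last_depth_read(void) { return g_last_depth; }

int main(void)
{
    printf("unlocked reader: rc=%d\n", run_scenario(false));  /* -2: UAF */
    printf("locked reader:   rc=%d depth=%u\n", run_scenario(true), last_depth_read());
    return 0;
}
```

The point the model makes is that the pointer stored in the bic is only guaranteed to stay alive while bfqd->lock is held; any path that copies the pointer out and uses it after dropping, or never taking, the lock is racing the release path. Whether a real fix holds the lock across the use or takes a reference on the object is a design choice; the advisory only states which lock protects the pointer, and this page does not reproduce the upstream patch.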

The impact of this vulnerability is significant: its CVSS score of 7.8 classifies it as high severity. The CVSS vector rates the attack vector as local, so exploitation requires an attacker who already has local access to the affected system, but that is a common foothold and the potential for exploitation remains concerning.

Risks to organizations include unauthorized access and system instability, the usual consequences of UAF conditions in kernel code. Patch affected systems immediately to prevent exploitation.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

