CVE-2025-6018

Published Jul 23, 2025

Last updated 4 months ago

Overview

Description
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all Polkit actions marked "allow_active yes", which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.
Source
secalert@redhat.com
NVD status
Modified
Products
pam-config

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-863

Social media

Hype score
Not currently trending
  1. 🚨 No Kernel, No Problem: Chaining #CVE-2025-6018 & #CVE-2025-6019 for Root on a Patched #Linux Box + Video https://t.co/7r2hwhaKBI Educational Purposes!

    @UndercodeUpdate

    22 Feb 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Created my first CVE exploit for CVE-2025-6018 & CVE-2025-6019: Local Privilege Escalation. Check it out here on github https://t.co/ODMgaGcQD1

    @Mr_Venturella

    9 Feb 2026

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Just finished a deep dive into Pterodactyl on HackTheBox. This one was a beast—chaining CVE-2025-49132 for the initial foothold, then navigating PAM environment injection (CVE-2025-6018) and a UDisks2 LPE (CVE-2025-6019) to hit root. https://t.co/Nj0binGMH3 #HackTheBox #HTB

    @bundibrianx

    8 Feb 2026

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-6018 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged… https://t.co/a9Sa1YNG9j

    @CVEnew

    23 Jul 2025

    328 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. New Linux Bugs Let Hackers Gain Root: CVE-2025-6018 & 6019 https://t.co/1fhVzVCwWF by @sarthak_v2 via @CsharpCorner https://t.co/s6PezDnP5C

    @harishchand314

    10 Jul 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-6018 and CVE-2025-6019 are local privilege escalation vulnerabilities present in SUSE's Pluggable Authentication Modules (PAM). https://t.co/cGvTD9Z5cM #alertasdeciberseguridad #ataquesciberneticos #Ciberseguridad #Linux #proteccióntotal #CobraNetwo

    @Cobra_Networks

    25 Jun 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Time for patches. A flaw in PAM and in the libblockdev/udisks library gives the wrong people root privileges on "major Linux distros" (CVE-2025-6018) https://t.co/B3keGBOQS9

    @johnnycache_

    23 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Critical update for pam_pkcs11 (CVE-2025-6018, CVSS 8.6) patches a local auth bypass flaw. Patch via: zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2032=1 Read more : 👉 https://t.co/XOMRd3aesq #LinuxSecurity https://t.co/exTQCCVSBS

    @Cezar_H_Linux

    21 Jun 2025

    32 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  9. #exploit 1. CVE-2025-6018/6019: LPE from unprivileged to allow_active in *SUSE 15's PAM / to root in libblockdev via udisks - https://t.co/MXRzsR4oww 2. CVE-2025-33073: PoC Exploit for NTLM reflection SMB flaw - https://t.co/elnGe06QEq 3. CVE-2025-1087: Arbitrary code execution

    @ksg93rd

    20 Jun 2025

    167 Impressions

    0 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. Critical vulnerabilities reported (CVE-2025-6018 and CVE-2025-6019) in the PAM and UDisks modules, affecting Linux distributions such as SUSE, Ubuntu, Debian and Fedora. These flaws allow local privilege escalation through the combined exploitation of pam_env and polki

    @henryraul

    20 Jun 2025

    80 Impressions

    5 Retweets

    5 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  11. Linux flaws chain allows Root access across major distributions Qualys researchers discovered two chained local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can grant root access on major Linux distributions. CVE-2025-6018 allows unprivileg

    @dCypherIO

    20 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Researchers found two local privilege escalation flaws (CVE-2025-6018 & CVE-2025-6019) in major Linux distributions that could allow unprivileged attackers to gain root access, urging users to apply patches or adjust Polkit rules. #LinuxSecurity #Vulnera… https://t.co/DXL0q

    @Cyber_O51NT

    20 Jun 2025

    227 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. Critical Linux Flaws (CVE-2025-6018 & CVE-2025-6019) Allow Unprivileged Users to Gain Root Access https://t.co/vb2D8wdzVQ

    @the_yellow_fall

    20 Jun 2025

    1408 Impressions

    15 Retweets

    31 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  14. Researchers at @qualys have uncovered two privilege escalation flaws: CVE-2025-6018 and CVE-2025-6019, that can be chained to let attackers gain full root access. 🔗 Read more: https://t.co/AXCjO8H3Yi ✍ Josh Breaker-Rolfe #Linux #Vulnerability #ISBNews

    @Info_Sec_Buzz

    20 Jun 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. New CVEs = Full Root Access on @Linux ? CVE-2025-6018 + CVE-2025-6019 allow remote users to spoof physical access, then go full root via udisks. Add CVE-2023-0386 & you’ve got a serious escalation chain. Patch now! 🔗 https://t.co/SMrpkBeJvN #CyberSecurity #Linux #C

    @socradar

    20 Jun 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. URGENT: SUSE patches high-severity GDM flaw (CVE-2025-6018, CVSS 8.6). Requires removing pam_env from auth stack. Impacts: ✅ SLES 15 SP3 ✅ SAP Apps ✅ HPC clusters Read more: 👉 https://t.co/WKtitLdkBQ #infosec #Linux https://t.co/eGnH7i4V86

    @Cezar_H_Linux

    19 Jun 2025

    46 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  17. Security Alert: New Linux flaws (CVE-2025-6018, CVE-2025-6019) allow attackers to gain full root access on major distributions, reported today, June 19, 2025. Threat: A simple user login can escalate to full system control via PAM and udisks, risking data breaches or downtime in

    @tony3266

    19 Jun 2025

    78 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 New vulnerability discovered in Linux! Two chained vulnerabilities (CVE-2025-6018 and 6019) allow any local user to gain root privileges in seconds - without needing a zero-day

    @zoro__dev

    19 Jun 2025

    120 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-6018 : New Linux udisks flaw lets attackers get root on major Linux distros https://t.co/wDj4i9OvoQ

    @freedomhack101

    19 Jun 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-6018 and CVE-2025-6019: New Linux privilege escalation flaws in PAM and udisks allow local attackers to chain exploits and gain full root. Confirmed on SUSE, Ubuntu, Debian, and Fedora. Patch now and update Polkit rules. #Linux #CVE2025 #PrivilegeEscalation https://t.

    @CloneSystemsInc

    19 Jun 2025

    87 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🐧 Two new Linux flaws (CVE-2025-6018 & CVE-2025-6019) allow attackers to escalate from user to root in seconds—impacting major distros via PAM & udisks. Patch now. #Vulnerability 🚨 #PrivilegeEscalation 🧨 https://t.co/9OkAqPhNjC

    @manuelbissey

    19 Jun 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Root access for anyone? Major new Linux flaws (CVE-2025-6018/6019) let attackers escalate to full control. Patch now or stay vulnerable. 🛡️ Our USB toolkit helps you audit devices fast. https://t.co/CquUH5faUS https://t.co/N883H8SvFL

    @bootableusbs

    19 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 3 Critical CVEs – Patch Now! 🔒 Linux (CVE-2025-6018/6019): Root via udisks + PAM ✅ Update all major distros 🧨 Veeam (CVE-2025-23121): RCE via domain user ✅ Patch to v12.1.2.1722 🔥 SAP (CVE-2025-31324): CVSS 10.0 zero-day ✅ Apply Apr/May 2025 SAP Notes htt

    @Samuel257196756

    19 Jun 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 ALERT: Critical flaws in openSUSE Leap 15, Ubuntu, Debian & Fedora! CVE-2025-6018 & CVE-2025-6019 grant FULL ROOT ACCESS. Patch NOW or risk total compromise! 🔐 #Linux #Cybersecurity https://t.co/JFVopwIz3I

    @_F2po_

    19 Jun 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Two critical Linux flaws (CVE-2025-6018 & CVE-2025-6019) could let attackers gain full root access via PAM and udisks. These vulnerabilities affect major distros—patch now to prevent system-wide compromises. 🔐 #LinuxSecurity #CyberThreat #UK https://t.co/cinHZ9j03b

    @TweetThreatNews

    19 Jun 2025

    137 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks https://t.co/JBQttZCpsS

    @hardenedlinux

    19 Jun 2025

    195 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

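  27. [Privilege escalation vulnerabilities in Linux: CVE-2025-6018, CVE-2025-6019] Chaining the two vulnerabilities reportedly yields full root privileges. Separately from this, on the 17th the US CISA, the old Linux kernel vulnerability CVE-2023-0386 (improper ownership management) to the KEV cata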

    @MachinaRecord

    19 Jun 2025

    165 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 19/06/2025 New critical vulnerabilities allow full root access on major Linux distros! 🚨 CVE-2025-6018 & CVE-2025-6019 pose severe LPE risks. Immediate patching recommended to protect systems. Source: https://t.co/z0y0LBtEju

    @kernyx64

    19 Jun 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Root access risk! New Linux flaws (CVE-2025-6018, CVE-2025-6019) let attackers gain full control. Patch ASAP & tweak Polkit/PAM settings to mitigate. #LinuxSecurity #Cybersecurity #VulnerabilityManagement https://t.co/cDr2n7YAe4

    @fernandokarl

    19 Jun 2025

    80 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Critical Linux vulnerabilities CVE-2025-6018 & CVE-2025-6019 allow privilege escalation to root level. Stay informed: https://t.co/pT4qjDPZnF #CyberSecurity #LinuxSecurity

    @threatlight

    19 Jun 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 New Linux Root Exploits Discovered! 2 chained flaws (CVE-2025-6018 & 6019) let any local user become root in seconds—no zero-day needed. The worst part? Most distros are vulnerable by default. Details here → https://t.co/AYIwPmJhM4... https://t.co/GxckEpic9A

    @IT_news_for_all

    19 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 New Linux Root Exploits Discovered! 2 chained flaws (CVE-2025-6018 & 6019) let any local user become root in seconds—no zero-day needed. The worst part? Most distros are vulnerable by default. Details here → https://t.co/k8mvlHxMJF

    @TheHackersNews

    19 Jun 2025

    24682 Impressions

    116 Retweets

    270 Likes

    95 Bookmarks

    4 Replies

    0 Quotes

  33. Two local privilege escalation vulnerabilities, CVE-2025-6018 on openSUSE and CVE-2025-6019 in libblockdev, allow attackers to gain root access. Immediate patching is essential to prevent network compromise. #Security https://t.co/5OKW8oYWvT

    @Strivehawk

    18 Jun 2025

    79 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Chaining two LPEs to gain "root" privileges: vulnerabilities in most Linux distributions (CVE-2025-6018, CVE-2025-6019) Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) #HelpNetSecurity

    @foxbook

    18 Jun 2025

    322 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. New Linux udisks flaw lets attackers get root on major Linux distros Two critical local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 (in PAM on SUSE systems) and CVE-2025-6019 (in libblockdev via the udisks daemon)—can be chained to gain root access on major Lin

    @dCypherIO

    18 Jun 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) https://t.co/hV5v38CzNH #HelpNetSecurity #Cybersecurity https://t.co/yHV69W18Jd

    @PoseidonTPA

    18 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Chaining two LPEs to get “#root”: Most #Linux distros vulnerable (#CVE-2025-6018, CVE-2025-6019) https://t.co/qzo11uGo99

    @ScyScan

    18 Jun 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Qualys found 2 Linux vulns (CVE-2025-6018, CVE-2025-6019) that, when combined, grant root access easily. CVE-2025-6018 misconfigures PAM, letting attackers bypass security. CVE-2025-6019 is in libblockdev. Patch immediately! https://t.co/7aK3qHwFMC

    @Jfreeg_

    18 Jun 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. [CVE-2025-6018,6019] Root privileges can be seized through a chained attack on PAM and udisks, affecting major Linux distributions such as openSUSE and Ubuntu https://t.co/uE9iYLsUU2 via @nikkeimatome

    @nikkeimatome

    18 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. ⚠️ Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access Read more: https://t.co/jn550VqurA Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. The

    @The_Cyber_News

    18 Jun 2025

    597 Impressions

    2 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

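  41. On a privilege escalation vulnerability chain affecting many Linux distributions. CVE-2025-6018 and CVE-2025-6019. https://t.co/tvY1bpZJvR The former stems from the PAM configuration, and to users coming in via SSH the "allow_active" of console access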

    @__kokumoto

    18 Jun 2025

    1840 Impressions

    4 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  42. CVE-2025-6018 CVE-2025-6019 https://t.co/yFocL7Z2Gr

    @VulmonFeeds

    17 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

  1. In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket's sk_refcnt after putting it into ehash and releasing the bucket lock. Thus, there is a small race window where other threads could try to reuse the port during connect() and call sock_hold() in tcp_twsk_unique() for the TIME-WAIT socket with zero refcnt. If that happens, the refcnt taken by tcp_twsk_unique() is overwritten and sock_put() will cause underflow, triggering a real use-after-free somewhere else. To avoid the use-after-free, we need to use refcount_inc_not_zero() in tcp_twsk_unique() and give up on reusing the port if it returns false. CVE-2024-36904
  2. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced again in sco_sock_timeout. As a result, the use-after-free bugs will happen. The root cause is shown below:

     Cleanup Thread          | Worker Thread
     sco_sock_release        |
     sco_sock_close          |
     __sco_sock_close        |
     sco_sock_set_timer      |
     schedule_delayed_work   |
     sco_sock_kill           | (wait a time)
     sock_put(sk) //FREE     | sco_sock_timeout
                             | sock_hold(sk) //USE

     The KASAN report triggered by POC is shown below: CVE-2024-27398