SB2025122258 - Use-after-free in Linux kernel usb storage driver
Published: December 22, 2025
Security Bulletin ID
SB2025122258
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-68331)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uas_queuecommand_lck() function in drivers/usb/storage/uas.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/26d56a9fcb2014b99e654127960aa0a48a391e3c
- https://git.kernel.org/stable/c/2b90a8131c83f6f2be69397d2b7d14d217d95d2f
- https://git.kernel.org/stable/c/426edbfc88b22601ea34a441a469092e7b301c52
- https://git.kernel.org/stable/c/6289fc489e94c9beb6be2b502ccc263663733d72
- https://git.kernel.org/stable/c/66ac05e7b0d6bbd1bee9fcf729e20fd4cce86d17
- https://git.kernel.org/stable/c/75f8e2643085db4f7e136fc6b368eb114dd80a64
- https://git.kernel.org/stable/c/e3a55221f4de080cb7a91ba10f01c4f708603f8d