Acknowledged
Created: Jul 7, 2025
Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ipc: fix to protect IPCS lookups using RCU[EOL][EOL]syzbot reported that it discovered a use-after-free vulnerability, [0][EOL][EOL][0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/[EOL][EOL]idr_for_each() is protected by rwsem, but this is not enough. If it is[EOL]not protected by RCU read-critical region, when idr_for_each() calls[EOL]radix_tree_node_free() through call_rcu() to free the radix_tree_node[EOL]structure, the node will be freed immediately, and when reading the next[EOL]node in radix_tree_for_each_slot(), the already freed memory may be read.[EOL][EOL]Therefore, we need to add code to make sure that idr_for_each() is[EOL]protected within the RCU read-critical region when we call it in[EOL]shm_destroy_orphaned().
CREATE(Triage):(User=admin) [CVE-2025-38212 (https://nvd.nist.gov/vuln/detail/CVE-2025-38212)
