Acknowledged
Created: Oct 10, 2025
Updated: Oct 17, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]blk-crypto: make blk_crypto_evict_key() more robust[EOL][EOL]If blk_crypto_evict_key() sees that the key is still in-use (due to a[EOL]bug) or that ->keyslot_evict failed, it currently just returns while[EOL]leaving the key linked into the keyslot management structures.[EOL][EOL]However, blk_crypto_evict_key() is only called in contexts such as inode[EOL]eviction where failure is not an option. So actually the caller[EOL]proceeds with freeing the blk_crypto_key regardless of the return value[EOL]of blk_crypto_evict_key().[EOL][EOL]These two assumptions don't match, and the result is that there can be a[EOL]use-after-free in blk_crypto_reprogram_all_keys() after one of these[EOL]errors occurs. (Note, these errors *shouldn't* happen; we're just[EOL]talking about what happens if they do anyway.)[EOL][EOL]Fix this by making blk_crypto_evict_key() unlink the key from the[EOL]keyslot management structures even on failure.[EOL][EOL]Also improve some comments.
