CVE-2025-22083
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's vhost-scsi subsystem allows attackers to cause denial of service, system crashes, or potentially execute arbitrary code. This affects systems using vhost-scsi for virtualized SCSI storage, particularly those where vhost_scsi_set_endpoint is called multiple times without proper cleanup. The vulnerability is exploitable by users with access to vhost-scsi interfaces, typically virtual machine guests or privileged users.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential privilege escalation to kernel mode, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel crashes, denial of service to virtual machines using vhost-scsi storage, or inability to manage storage targets.
If Mitigated
Limited impact if proper access controls prevent unauthorized users from calling vhost_scsi_set_endpoint multiple times.
🎯 Exploit Status
Exploitation requires ability to call vhost_scsi_set_endpoint multiple times, which is prevented by major users like QEMU. The vulnerability was discovered through code analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 2b34bdc42df047794542f3e220fe989124e4499a, 3a19eb3d9818e28f14c818a18dc913344a52ca92, 3fd054baf382a426bbf5135ede0fc5673db74d3e, 451c72f5e7cf5d339a6410a635cee0825687c3dc, 5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6
Vendor Advisory: https://git.kernel.org/stable/c/2b34bdc42df047794542f3e220fe989124e4499a
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Prevent multiple vhost_scsi_set_endpoint calls
Ensure applications using vhost-scsi (like QEMU) follow the proper sequence: vhost_scsi_clear_endpoint must be called between vhost_scsi_set_endpoint calls.
Disable vhost-scsi if not needed
Remove or disable the vhost-scsi module if it is not required for your virtualization setup.
modprobe -r vhost_scsi
🧯 If You Can't Patch
- Ensure QEMU or other vhost-scsi users are updated to versions that prevent multiple vhost_scsi_set_endpoint calls
- Restrict access to vhost-scsi interfaces to trusted users only
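The exposure checks behind the workarounds above, as an added shell example that is not part of the original advisory: it reports whether the vhost_scsi module is loaded, whether modprobe.d blocks it from loading, and whether the device node is open to all users. The function names and the /dev/vhost-scsi node path are assumptions of this example, and `stat -c` requires GNU coreutils.

```shell
#!/bin/sh
# Added example: vhost-scsi exposure check for hosts that cannot be patched yet.
# File and directory arguments default to the live system paths (assumed).

# True if vhost_scsi is listed in a /proc/modules-format file.
vhost_scsi_loaded() {
    [ -r "${1:-/proc/modules}" ] && grep -q '^vhost_scsi ' "${1:-/proc/modules}"
}

# True if an octal permission string (e.g. 666) gives "other" read or write.
mode_open_to_others() {
    other=${1#"${1%?}"}            # last octal digit of the mode
    [ $(( other & 6 )) -ne 0 ]
}

# True if a modprobe.d-style directory stops the module from loading.
# "blacklist" only stops alias autoloading; "install ... /bin/false" also
# stops an explicit modprobe.
vhost_scsi_blocked() {
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+vhost[-_]scsi|install[[:space:]]+vhost[-_]scsi[[:space:]]+/bin/(false|true))[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Print one finding per line; return 1 if the interface is reachable.
vhost_scsi_report() {
    node=${2:-/dev/vhost-scsi}     # assumed device node path
    status=0
    if vhost_scsi_loaded "${1:-/proc/modules}"; then
        echo "LOADED: vhost_scsi is loaded (kernel $(uname -r))"
        status=1
    elif vhost_scsi_blocked "${3:-/etc/modprobe.d}"; then
        echo "OK: vhost_scsi is not loaded and loading is blocked"
    else
        echo "WARN: vhost_scsi is not loaded but can still be loaded on demand"
    fi
    if [ -e "$node" ]; then
        mode=$(stat -c '%a' "$node")
        if mode_open_to_others "$mode"; then
            echo "EXPOSED: $node (mode $mode) is accessible to all users"
            status=1
        else
            echo "INFO: $node mode $mode, owner $(stat -c '%U:%G' "$node")"
        fi
    fi
    return $status
}

# Run against the live system only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then vhost_scsi_report; fi
```

A LOADED result on an unpatched kernel means the fix or the module removal described above still applies; the script does not determine whether the running kernel contains the fix commits.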
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if vhost_scsi module is loaded: lsmod | grep vhost_scsi && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or check with your distribution's security advisory
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash dumps
- vhost-scsi error messages in dmesg
SIEM Query:
Search for kernel panic events or vhost-scsi related crashes in system logs
🔗 References
- https://git.kernel.org/stable/c/2b34bdc42df047794542f3e220fe989124e4499a
- https://git.kernel.org/stable/c/3a19eb3d9818e28f14c818a18dc913344a52ca92
- https://git.kernel.org/stable/c/3fd054baf382a426bbf5135ede0fc5673db74d3e
- https://git.kernel.org/stable/c/451c72f5e7cf5d339a6410a635cee0825687c3dc
- https://git.kernel.org/stable/c/5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6
- https://git.kernel.org/stable/c/63b449f73ab0dcc0ba11ceaa4c5c70bc86ccf03c