CVE-2025-22088: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

After the erdma_cep_put(new_cep) being called, new_cep will be freed,
and the following dereference will cause a UAF problem. Fix this issue.

Classification

CVE ID: CVE-2025-22088

Affected Products

Vendor: Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 5.04% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22088
https://git.kernel.org/stable/c/bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4
https://git.kernel.org/stable/c/667a628ab67d359166799fad89b3c6909599558a
https://git.kernel.org/stable/c/a114d25d584c14019d31dbf2163780c47415a187
https://git.kernel.org/stable/c/78411a133312ce7d8a3239c76a8fd85bca1cc10f
https://git.kernel.org/stable/c/7aa6bb5276d9fec98deb05615a086eeb893854ad
https://git.kernel.org/stable/c/83437689249e6a17b25e27712fbee292e42e7855

Timeline

2025-04-16 15:40:39 UTC
CVE

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()