VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-78xy-94h7-v3f4

Essentials
Severities (17)
References (23)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-78xy-94h7-v3f4
Aliases	CVE-2025-21739
Summary	kernel: scsi: ufs: core: Fix use-after free in init error and remove paths
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	6.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21739.json
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-21739
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-21739
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2025-21739
cvssv3.1	6.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.8	https://git.kernel.org/stable/c/0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea
ssvc	Track	https://git.kernel.org/stable/c/0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea
cvssv3.1	7.8	https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207
ssvc	Track	https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207
cvssv3.1	7.8	https://git.kernel.org/stable/c/0dc539b888fb5f56b6eeddd95433eab557d4b0c1
ssvc	Track	https://git.kernel.org/stable/c/0dc539b888fb5f56b6eeddd95433eab557d4b0c1
cvssv3.1	7.8	https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d
ssvc	Track	https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d
cvssv3.1	7.8	https://git.kernel.org/stable/c/d06eb2620d3bf16056b8b7ea3744dbb5e30512f4
ssvc	Track	https://git.kernel.org/stable/c/d06eb2620d3bf16056b8b7ea3744dbb5e30512f4
cvssv3.1	7.8	https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada
ssvc	Track	https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21739.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-21739
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea		https://git.kernel.org/stable/c/0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea
0c77c0d754fe83cb154715fcfec6c3faef94f207		https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207
0dc539b888fb5f56b6eeddd95433eab557d4b0c1		https://git.kernel.org/stable/c/0dc539b888fb5f56b6eeddd95433eab557d4b0c1
2348585		https://bugzilla.redhat.com/show_bug.cgi?id=2348585
9c185beae09a3eb85f54777edafa227f7e03075d		https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d
d06eb2620d3bf16056b8b7ea3744dbb5e30512f4		https://git.kernel.org/stable/c/d06eb2620d3bf16056b8b7ea3744dbb5e30512f4
f8fb2403ddebb5eea0033d90d9daae4c88749ada		https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada
RHSA-2025:20518		https://access.redhat.com/errata/RHSA-2025:20518
USN-7521-1		https://usn.ubuntu.com/7521-1/
USN-7521-2		https://usn.ubuntu.com/7521-2/
USN-7521-3		https://usn.ubuntu.com/7521-3/
USN-7651-1		https://usn.ubuntu.com/7651-1/
USN-7651-2		https://usn.ubuntu.com/7651-2/
USN-7651-3		https://usn.ubuntu.com/7651-3/
USN-7651-4		https://usn.ubuntu.com/7651-4/
USN-7651-5		https://usn.ubuntu.com/7651-5/
USN-7651-6		https://usn.ubuntu.com/7651-6/
USN-7652-1		https://usn.ubuntu.com/7652-1/
USN-7653-1		https://usn.ubuntu.com/7653-1/
USN-7737-1		https://usn.ubuntu.com/7737-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21739.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/0a6895c03b1f439236e2d22b1a69ebfc1eb9d5ea

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/0dc539b888fb5f56b6eeddd95433eab557d4b0c1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/0dc539b888fb5f56b6eeddd95433eab557d4b0c1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/d06eb2620d3bf16056b8b7ea3744dbb5e30512f4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/d06eb2620d3bf16056b8b7ea3744dbb5e30512f4

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-27T18:14:30Z/ Found at https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada

Exploit Prediction Scoring System (EPSS)

Percentile	0.01385
EPSS Score	0.00011
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:48:05.106674+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21739.json	38.6.0