[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-22020":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":34,"epss":9,"epss_history":35,"metrics":36,"affected":43},"DEBIAN-CVE-2025-22020","In the Linux kernel, the following vulnerability has been resolved:  memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove  This fixes the following crash:  ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241  CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G            E      6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024 Workqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms] Call Trace:  \u003CTASK>  dump_stack_lvl+0x51/0x70  print_address_description.constprop.0+0x27/0x320  ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]  print_report+0x3e/0x70  kasan_report+0xab/0xe0  ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]  rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]  ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]  ? __pfx___schedule+0x10/0x10  ? kick_pool+0x3b/0x270  process_one_work+0x357/0x660  worker_thread+0x390/0x4c0  ? __pfx_worker_thread+0x10/0x10  kthread+0x190/0x1d0  ? __pfx_kthread+0x10/0x10  ret_from_fork+0x2d/0x50  ? __pfx_kthread+0x10/0x10  ret_from_fork_asm+0x1a/0x30  \u003C/TASK>  Allocated by task 161446:  kasan_save_stack+0x20/0x40  kasan_save_track+0x10/0x30  __kasan_kmalloc+0x7b/0x90  __kmalloc_noprof+0x1a7/0x470  memstick_alloc_host+0x1f/0xe0 [memstick]  rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]  platform_probe+0x60/0xe0  call_driver_probe+0x35/0x120  really_probe+0x123/0x410  __driver_probe_device+0xc7/0x1e0  driver_probe_device+0x49/0xf0  __device_attach_driver+0xc6/0x160  bus_for_each_drv+0xe4/0x160  __device_attach+0x13a/0x2b0  bus_probe_device+0xbd/0xd0  device_add+0x4a5/0x760  platform_device_add+0x189/0x370  mfd_add_device+0x587/0x5e0  mfd_add_devices+0xb1/0x130  rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]  usb_probe_interface+0x15c/0x460  call_driver_probe+0x35/0x120  really_probe+0x123/0x410  __driver_probe_device+0xc7/0x1e0  driver_probe_device+0x49/0xf0  __device_attach_driver+0xc6/0x160  bus_for_each_drv+0xe4/0x160  __device_attach+0x13a/0x2b0  rebind_marked_interfaces.isra.0+0xcc/0x110  usb_reset_device+0x352/0x410  usbdev_do_ioctl+0xe5c/0x1860  usbdev_ioctl+0xa/0x20  __x64_sys_ioctl+0xc5/0xf0  do_syscall_64+0x59/0x170  entry_SYSCALL_64_after_hwframe+0x76/0x7e  Freed by task 161506:  kasan_save_stack+0x20/0x40  kasan_save_track+0x10/0x30  kasan_save_free_info+0x36/0x60  __kasan_slab_free+0x34/0x50  kfree+0x1fd/0x3b0  device_release+0x56/0xf0  kobject_cleanup+0x73/0x1c0  rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]  platform_remove+0x2f/0x50  device_release_driver_internal+0x24b/0x2e0  bus_remove_device+0x124/0x1d0  device_del+0x239/0x530  platform_device_del.part.0+0x19/0xe0  platform_device_unregister+0x1c/0x40  mfd_remove_devices_fn+0x167/0x170  device_for_each_child_reverse+0xc9/0x130  mfd_remove_devices+0x6e/0xa0  rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]  usb_unbind_interface+0xf3/0x3f0  device_release_driver_internal+0x24b/0x2e0  proc_disconnect_claim+0x13d/0x220  usbdev_do_ioctl+0xb5e/0x1860  usbdev_ioctl+0xa/0x20  __x64_sys_ioctl+0xc5/0xf0  do_syscall_64+0x59/0x170  entry_SYSCALL_64_after_hwframe+0x76/0x7e  Last potentially related work creation:  kasan_save_stack+0x20/0x40  kasan_record_aux_stack+0x85/0x90  insert_work+0x29/0x100  __queue_work+0x34a/0x540  call_timer_fn+0x2a/0x160  expire_timers+0x5f/0x1f0  __run_timer_base.part.0+0x1b6/0x1e0  run_timer_softirq+0x8b/0xe0  handle_softirqs+0xf9/0x360  __irq_exit_rcu+0x114/0x130  sysvec_apic_timer_interrupt+0x72/0x90  asm_sysvec_apic_timer_interrupt+0x16/0x20  Second to last potentially related work creation:  kasan_save_stack+0x20/0x40  kasan_record_aux_stack+0x85/0x90  insert_work+0x29/0x100  __queue_work+0x34a/0x540  call_timer_fn+0x2a/0x160  expire_timers+0x5f/0x1f0  __run_timer_base.part.0+0x1b6/0x1e0  run_timer_softirq+0x8b/0xe0  handle_softirqs+0xf9/0x ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2025-22020",[17,19],{"_key":18},"DLA-4178-1",{"_key":20},"DLA-4193-1",[],[],"2025-04-16T11:15:42.640Z","2026-04-28T20:29:39.045351Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28],{"url":29,"sources":30,"tags":32},"https://security-tracker.debian.org/tracker/CVE-2025-22020",[31],"osv_debian",[33],"Advisory",[],[],[37],{"source":31,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":38,"cvss_v4_0":9},{"baseScore":39,"baseSeverity":9,"vectorString":40,"impactScore":41,"exploitabilityScore":42},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[44,63],{"ecosystem":45,"name":46,"vendor":47,"product":46,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":46,"source":9,"versions":49},"Debian","linux","debian","deb",[50,56,59,62],{"version":51,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt5_10_237_1",true,"ecosystem","5.10.237-1","excluding",{"version":57,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},"lt6_1_133_1","6.1.133-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9},"lt6_12_22_1","6.12.22-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9},{"ecosystem":45,"name":64,"vendor":47,"product":64,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":64,"source":9,"versions":65},"linux-6.1",[66],{"version":67,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":68,"version_end_type":55,"fixed_in":9},"lt6_1_137_1~deb11u1","6.1.137-1~deb11u1"]