github - ghsa-27g4-h3mx-8j8p

ghsa-27g4-h3mx-8j8p

Vulnerability from github

Published

2025-09-23 03:30

Modified

2025-09-23 03:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1.9 (Low) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Details

A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-10824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T01:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.",
  "id": "GHSA-27g4-h3mx-8j8p",
  "modified": "2025-09-23T03:30:26Z",
  "published": "2025-09-23T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10824"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axboe/fio/issues/1981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/22266756/poc.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.325181"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.325181"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.654072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-10824 (GCVE-0-2025-10824)

Vulnerability from cvelistv5

Published

2025-09-23 00:02

Modified

2025-09-23 19:55

Severity ?

1.9 (Low) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R

CWE

CWE-416 - Use After Free
CWE-119 - Memory Corruption

Summary

References

URL

Tags

	https://vuldb.com/?id.325181	vdb-entry, technical-description
	https://vuldb.com/?ctiid.325181	signature, permissions-required
	https://vuldb.com/?submit.654072	third-party-advisory
	https://github.com/axboe/fio/issues/1981	issue-tracking
	https://github.com/user-attachments/files/22266756/poc.zip	exploit

Impacted products

	Vendor	Product	Version
	axboe	fio	Version: 3.0 Version: 3.1 Version: 3.2 Version: 3.3 Version: 3.4 Version: 3.5 Version: 3.6 Version: 3.7 Version: 3.8 Version: 3.9 Version: 3.10 Version: 3.11 Version: 3.12 Version: 3.13 Version: 3.14 Version: 3.15 Version: 3.16 Version: 3.17 Version: 3.18 Version: 3.19 Version: 3.20 Version: 3.21 Version: 3.22 Version: 3.23 Version: 3.24 Version: 3.25 Version: 3.26 Version: 3.27 Version: 3.28 Version: 3.29 Version: 3.30 Version: 3.31 Version: 3.32 Version: 3.33 Version: 3.34 Version: 3.35 Version: 3.36 Version: 3.37 Version: 3.38 Version: 3.39 Version: 3.40 Version: 3.41

Show details on NVD website