CVE-2025-38584
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free (UAF) and race condition in the Linux kernel's padata subsystem, specifically in the padata_reorder function. It occurs because a reference count on a data structure (pd) is taken and released improperly around the processing of padata items, which can lead to the data being freed while still in use. The issue arises when padata is added to a queue and the associated lock is released, allowing the reference count to be dropped prematurely. The fix involves adjusting when the next padata is retrieved to ensure the reference count remains valid during processing.
How can this vulnerability impact me? :
This vulnerability could lead to use-after-free conditions in the Linux kernel, potentially causing system instability, crashes, or allowing an attacker to execute arbitrary code or escalate privileges if they can trigger the race condition. The impact depends on whether the padata_replace function is used, as the issue only manifests if that function is called.