CVE-2025-38019Use After Free in Linux

CWE-416Use After FreeCWE-825Expired Pointer Dereference43 documents6 sources
Severity
7.8HIGHNVD
OSV3.2
EPSS
0.1%
top 79.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
LinuxLinux KernelDebian Linux+9 more
Timeline
PublishedJun 18
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices The driver only offloads neighbors that are constructed on top of net devices registered by it or their uppers (which are all Ethernet). The device supports GRE encapsulation and decapsulation of forwarded traffic, but the driver will not offload dummy neighbors constructed on top of GRE net devices as they are not uppers of its net devices: # ip link ad

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

NVDlinux/linux_kernel6.66.6.92+3
Debianlinux/linux_kernel< 6.12.30-1+1
Ubuntulinux/linux_kernel< 6.8.0-100.100
CVEListV5linux/linux8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0f1ecccb5cdda39bca8cd17bb0b6cf61361e33578+4
debiandebian/linux< linux 6.12.30-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

21
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38019 — Use After Free in Linux | cvebase