CVE-2025-38116Use After Free in Linux

CWE-416Use After Free20 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 3
Latest updateApr 18

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is freed after rmmod, which may trigger to a use-after-free (UAF) issue if there is a subsequent access to this notifier chain. Fixes the issue by calling ath12k_core_panic_notifier_unregister() in failure cases. Call tra

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel6.146.15.3+1
CVEListV5linux/linux6f245ea0ec6c29b90c8fa4fdf6e178c646125d7e65e1b3404c211dcfaea02698539cdcd26647130f+2
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

10
VulDB
Linux Kernel up to 6.15.2/6.16-rc1 wifi ath12k_core_init use after free (EUVD-2025-19827 / Nessus ID 265934)2026-04-18
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities2025-12-03
OSV
linux-raspi vulnerabilities2025-10-08
OSV
linux-oracle-6.14 vulnerabilities2025-10-01
OSV
linux-aws-6.14, linux-hwe-6.14 vulnerabilities2025-09-26

📋Vendor Advisories

9
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-01
Ubuntu
Linux kernel vulnerabilities2025-09-26
Ubuntu
Linux kernel vulnerabilities2025-09-25
Ubuntu
Linux kernel (OEM) vulnerabilities2025-09-24
CVE-2025-38116 — Use After Free in Linux | cvebase