CVE-2025-38137 — Use After Free in Linux

CWE-416 — Use After Free20 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 77.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJul 3

Latest updateApr 18

Description

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) forcing rescan_work_func() to take a long time and (b) utilizing a pwrctrl driver that may be unloaded for some reason Cancel outstanding work to ensure it is finished before we allow our data structures to be cleaned up. [bhelgaas: tidy commit log]

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel6.11.1 — 6.15.3+1

▶Debianlinux/linux_kernel< 6.16.3-1

▶CVEListV5linux/linux8f62819aaace77dd85037ae766eb767f8c4417ce — b3ad6d23fec23fbef382ce9ea640c37446593cf5+2

▶debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

VulDB

Linux Kernel up to 6.15.2 rescan_work_func use after free (EUVD-2025-19806 / Nessus ID 247808)↗2026-04-18

▶

OSV

linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities↗2025-12-03

▶

OSV

linux-raspi vulnerabilities↗2025-10-08

▶

OSV

linux-oracle-6.14 vulnerabilities↗2025-10-01

▶

OSV

linux-aws-6.14, linux-hwe-6.14 vulnerabilities↗2025-09-26

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-10-08

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2025-10-01

▶

Ubuntu

Linux kernel vulnerabilities↗2025-09-26

▶

Ubuntu

Linux kernel vulnerabilities↗2025-09-25

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2025-09-24

▶