CVE-2025-38248Use After Free in Linux

CWE-416Use After FreeCWE-825Expired Pointer Dereference71 documents8 sources
Severity
7.8HIGHNVD
OSV5.6OSV5.5OSV3.2
EPSS
0.0%
top 98.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedJul 9
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicast packets are forwarded to these ports even if the ports are not member in the matching MDB entry. When per-VLAN multicast snooping is enabled, the per-port multicast context is disabled on each port and the port is rem

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

NVDlinux/linux_kernel5.156.15.5+1
Debianlinux/linux_kernel< 6.12.69-1+1
Ubuntulinux/linux_kernel< 5.15.0-170.180+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

35
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24

📋Vendor Advisories

34
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04

💬Community

1
Bugzilla
CVE-2025-38248 kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init2025-07-09