CVE-2025-38500Use After Free in Linux

CWE-416Use After FreeCWE-825Expired Pointer Dereference43 documents9 sources
Severity
7.8HIGHNVD
OSV5.5OSV4.7
EPSS
0.0%
top 95.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedAug 12
Latest updateDec 1

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.16.1.148+4
Debianlinux/linux_kernel< 6.1.148-1+2
Ubuntulinux/linux_kernel< 6.8.0-85.85
CVEListV5linux/linuxabc340b38ba25cd6c7aa2c0bd9150d30738c82d0a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4+5

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
CVE-2025-38500: In xfrmi_changelink of xfrm_interface_core2025-12-01
OSV
linux-oracle-6.8 vulnerabilities2025-10-15
OSV
linux-raspi vulnerabilities2025-10-14
OSV
linux-azure-6.8 vulnerabilities2025-10-14
OSV
linux-oracle, linux-oracle-6.14 vulnerabilities2025-10-14

📋Vendor Advisories

21
Android
CVE-2025-38500: XFRM2025-12-01
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-15
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-14
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-14
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-14
CVE-2025-38500 — Use After Free in Linux | cvebase