Use-After-Free Vulnerability in CIFS within Linux Kernel
CVE-2025-38051

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 June 2025

What is CVE-2025-38051?

A critical use-after-free vulnerability exists in the Common Internet File System (CIFS) implementation within the Linux kernel. This vulnerability arises from a race condition during the directory reading process, which allows access to a buffer that has already been freed. An attacker exploiting this flaw could cause unpredictable behavior, potentially leading to data corruption or execution of arbitrary code. The vulnerability is addressed in newer kernel versions, so users are encouraged to upgrade to mitigate risks associated with this issue.

Affected Version(s)

Linux a364bc0b37f14ffd66c1f982af42990a9d77fa43

Linux a364bc0b37f14ffd66c1f982af42990a9d77fa43 < 1b197931fbc821bc7e9e91bf619400db563e3338

Timeline

  • Vulnerability published

  • Vulnerability Reserved
