Slab-use-after-free Vulnerability in Linux Kernel's TIPC Module
CVE-2025-38052
What is CVE-2025-38052?
A slab-use-after-free vulnerability has been identified in the TIPC (Transparent Inter-Process Communication) module of the Linux kernel. The issue occurs when the kernel accesses memory that has already been freed, specifically during the encryption completion process in the tipc_aead_encrypt_done function. When a network namespace is deleted while outstanding cryptographic operations still rely on the freed memory, the result is undefined behavior and potential system instability. The flaw can be exploited under specific conditions, particularly if the simd_aead_encrypt operation is interrupted, causing the cryptd_queue_worker to reference the invalid memory. The vulnerability has been addressed by ensuring appropriate reference count management for the network namespace before encrypting data.
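The reference-count fix described above can be modelled in user space. The following C sketch is an added example, not the kernel's code or the upstream patch; struct ns, struct req, ns_get, ns_put, encrypt_submit and encrypt_done are hypothetical names standing in for the namespace, the queued encryption request and its completion callback.

```c
#include <stdlib.h>

/* Constructed user-space model: "ns" stands in for the network namespace,
 * "req" for an encryption request whose completion runs later. */
struct ns  { int refs; int tx_done; };
struct req { struct ns *ns; };

static int ns_freed;                 /* set when the last reference drops */

static void ns_get(struct ns *n) { n->refs++; }

static void ns_put(struct ns *n) {
    if (--n->refs == 0) { ns_freed = 1; free(n); }
}

/* Submit: pin the namespace BEFORE the request is handed to the async worker. */
static struct req *encrypt_submit(struct ns *n) {
    struct req *r = malloc(sizeof(*r));
    if (!r) return NULL;
    ns_get(n);
    r->ns = n;
    return r;                        /* completion still pending */
}

/* Completion callback: uses the namespace, then drops the pin. */
static void encrypt_done(struct req *r) {
    r->ns->tx_done++;                /* safe: the pin keeps ns allocated */
    ns_put(r->ns);
    free(r);
}

/* Namespace is deleted while a request is queued. Returns 1 if the namespace
 * stayed allocated until the completion ran and was freed only afterwards. */
int teardown_with_pending_request(void) {
    struct ns *n = calloc(1, sizeof(*n));
    if (!n) return 0;
    n->refs = 1;                     /* owner's reference */
    ns_freed = 0;
    struct req *r = encrypt_submit(n);
    if (!r) { ns_put(n); return 0; }
    ns_put(n);                       /* deletion drops the owner's reference */
    int alive_while_pending = !ns_freed;
    encrypt_done(r);                 /* deferred worker runs the completion */
    return alive_while_pending && ns_freed;
}

int main(void) { return teardown_with_pending_request() ? 0 : 1; }
```

Without the ns_get call in encrypt_submit, the ns_put in the deletion path would free the namespace while the request still points at it, which is the condition the advisory describes.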
Affected Version(s)
Linux fc1b6d6de2208774efd2a20bf0daddb02d18b1e0