Dynamic Memory Allocation Vulnerability in Linux Kernel
CVE-2025-38076

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38076?

A vulnerability in the Linux kernel allows for a use-after-free (UAF) condition when dynamically allocated percpu counters for module tags are accessed after the module has been unloaded. This occurs because while the module checks for active tags before being unloaded, the associated percpu counters are freed by the free_module() function. If any of these percpu counters are accessed after the module unloads, it can lead to unpredictable behavior or system instability. The resolution involves dynamically allocating percpu counters, ensuring they remain available for any in-use tags post module unloading, thus enhancing memory management and system security.

Affected Version(s)

Linux 0db6f8d7820a4b788565dac8eed52bfc2c3216da < 3cc733e6d96c938d2b82be96858a0ab900eb6fdc

Linux 0db6f8d7820a4b788565dac8eed52bfc2c3216da < 12ca42c237756182aad8ab04654c952765cb9061

Linux 6.13

References

https://git.kernel.org/stable/c/3cc733e6d96c938d2b82be968...

https://git.kernel.org/stable/c/12ca42c237756182aad8ab046...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025