Use-After-Free Vulnerability in Linux Kernel's Taprio Module
CVE-2025-38087

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 30 June 2025

What is CVE-2025-38087?

A use-after-free vulnerability has been identified in the Linux kernel's taprio module, specifically in the taprio_dev_notifier function. The function runs without the protection of an RCU read-side critical section, which allows a potential race condition with the advance_sched function. If exploited, this vulnerability can lead to unpredictable behavior and system instability. The issue has been addressed by adding rcu_read_lock to the taprio_dev_notifier function, which mitigates the risk associated with this flaw.

Affected Version(s)

Linux fed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < 8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69c

Linux fed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < 8a008c89e5e5c5332e4c0a33d707db9ddd529f8a

Linux fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
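
To check a kernel git tree against the commit range listed above, the following added example (not part of the advisory or of the kernel project) classifies a revision with git ancestry tests. It assumes that "A < B" means "affected from commit A up to, but excluding, commit B"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory. Commit ids are the ones listed on this page.
# Assumption: "A < B" means affected from commit A up to, but excluding, commit B.
# Usage after sourcing this file: taprio_status /path/to/linux v6.15
INTRODUCED=fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
FIXES="8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69c 8a008c89e5e5c5332e4c0a33d707db9ddd529f8a"

# in_clone REPO REV: true if REV resolves to a commit object present in this clone.
in_clone() {
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# contains REPO REV COMMIT: true if COMMIT is an ancestor of (or equal to) REV.
contains() {
    git -C "$1" merge-base --is-ancestor "$3" "$2" 2>/dev/null
}

# taprio_status REPO [REV [INTRODUCED [FIXES]]]
# Prints one of: fixed | affected | not-affected | unknown
taprio_status() {
    repo=$1 rev=${2:-HEAD} intro=${3:-$INTRODUCED} fixes=${4:-$FIXES}
    # A revision that does not resolve cannot be classified.
    in_clone "$repo" "$rev" || { echo unknown; return 0; }
    # Any listed fix commit in the history of REV means the range has ended.
    for fix in $fixes; do
        if in_clone "$repo" "$fix" && contains "$repo" "$rev" "$fix"; then
            echo fixed; return 0
        fi
    done
    # Shallow or partial clones may lack the introducing commit entirely.
    in_clone "$repo" "$intro" || { echo unknown; return 0; }
    if contains "$repo" "$rev" "$intro"; then
        echo affected
    else
        echo not-affected
    fi
}
```

Distribution kernels that backport the fix carry it under a different commit id, so an "affected" result on a vendor tree should be confirmed against the vendor's changelog.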

Timeline

  • Vulnerability published

  • Vulnerability Reserved
