Use-After-Free Vulnerability in Linux Kernel Page Pool by Google
CVE-2025-38129
Currently unrated
What is CVE-2025-38129?
This vulnerability exists in the Linux kernel's page pool implementation, where a use-after-free condition can be triggered during the recycling of pages. Specifically, the issue arises in the page_pool_recycle_in_ring function, where improper handling of locking mechanisms allows the release and freeing of memory while it is still in use. This could potentially allow for memory corruption or the execution of unexpected code by manipulating the page pool, impacting the stability and security of the system.
Affected Version(s)
Linux ff7d6b27f894f1469dc51ccb828b7363ccd9799f
Linux ff7d6b27f894f1469dc51ccb828b7363ccd9799f < 4ab8c0f8905c9c4d05e7f437e65a9a365573ff02
Linux ff7d6b27f894f1469dc51ccb828b7363ccd9799f < 271683bb2cf32e5126c592b5d5e6a756fa374fd9