Kernel Configuration Management Vulnerability in Linux Systems
CVE-2025-38131

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 3 July 2025

What is CVE-2025-38131?

A vulnerability in the Linux kernel's configuration management can lead to a use-after-free (UAF) condition. The issue arises when an active configuration is enabled via a sysfs interface, which allows a race condition between two CPUs. Specifically, while one CPU is activating a configuration, another CPU can inadvertently deactivate it, so that a previously freed configuration descriptor is accessed. Mitigating this risk requires correctly managing reference counts for active configurations, which ensures safe module unloading and prevents potential exploitation.

Affected Version(s)

Linux f8cce2ff3c04361b8843d8489620fda8880f668b

Linux f8cce2ff3c04361b8843d8489620fda8880f668b < 31028812724cef7bd57a51525ce58a32a6d73b22

Timeline

  • Vulnerability published

  • Vulnerability Reserved
