Use-After-Free Vulnerability in Linux Kernel Affecting PCI Power Control Drivers
CVE-2025-38137
What is CVE-2025-38137?
A use-after-free vulnerability exists in the PCI power control (pwrctrl) subsystem of the Linux kernel. It can be triggered when rescan_work_func() takes a long time to run and a pwrctrl driver is unloaded in the meantime. In that situation outstanding rescan work is not cancelled properly, which an attacker may be able to abuse, leading to potential system instability and exposure of sensitive information. Cancelling outstanding work before the driver's data structures are cleaned up keeps those structures valid for as long as the work needs them and prevents exploitation.
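
The ordering problem described above, as an added userspace model that is not kernel code and not the upstream patch: it counts how often the deferred work runs against state that has already been torn down, with and without cancelling first. All `_model` names, `struct pwrctrl_model` and `simulate()` are hypothetical; `cancel_work_sync()` is the kernel API whose behaviour the model imitates.

```c
/* Userspace model, constructed for illustration: a one-slot queue stands in
 * for the kernel workqueue, and a flag stands in for freeing driver data. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct work { void (*fn)(struct work *); };
struct pwrctrl_model {      /* hypothetical stand-in for the driver state */
    struct work rescan;     /* deferred rescan work item */
    bool torn_down;         /* set once unregister has "freed" the state */
    int stale_accesses;     /* work ran after teardown: the use-after-free */
};
static struct work *queue_slot;   /* work queued but not yet finished */

static void schedule_work_model(struct work *w) { queue_slot = w; }

/* The worker getting to the queued item some time later. */
static void run_queue_model(void) {
    struct work *w = queue_slot;
    queue_slot = NULL;
    if (w) w->fn(w);
}

/* Analog of cancel_work_sync(): once it returns, the item is neither
 * pending nor running, so the memory that holds it may be released. */
static void cancel_work_sync_model(struct work *w) {
    if (queue_slot == w) queue_slot = NULL;
}

static void rescan_work_func(struct work *w) {
    struct pwrctrl_model *p = (struct pwrctrl_model *)
        ((char *)w - offsetof(struct pwrctrl_model, rescan));
    if (p->torn_down) p->stale_accesses++;   /* real code would touch freed memory */
}

/* One cycle: queue a slow rescan, unload the driver, let the worker run. */
int simulate(bool cancel_first) {
    struct pwrctrl_model p = { .rescan = { rescan_work_func } };
    schedule_work_model(&p.rescan);
    if (cancel_first) cancel_work_sync_model(&p.rescan);  /* the safe order */
    p.torn_down = true;                                   /* teardown */
    run_queue_model();
    return p.stale_accesses;
}

int main(void) {
    printf("no cancel: %d stale access(es)\n", simulate(false));
    printf("cancel first: %d stale access(es)\n", simulate(true));
    return 0;
}
```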

Affected Version(s)
Linux 8f62819aaace77dd85037ae766eb767f8c4417ce
Linux 8f62819aaace77dd85037ae766eb767f8c4417ce < 8b926f237743f020518162c62b93cb7107a2b5eb
Linux 6.11