Use-After-Free Vulnerability in Linux Kernel Affecting Binder Devices
CVE-2025-38175

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2025

What is CVE-2025-38175?

A vulnerability has been identified in the Linux kernel's binder component that can lead to a use-after-free condition in binder devices. The issue arises when certain devices are freed without being properly removed from the binder_devices list, so the list still refers to freed memory, potentially resulting in memory corruption. The vulnerability is triggered during the execution of specific tasks, such as device removal and memory allocation. Addressing it involves ensuring the proper sequence of function calls to prevent unintended memory references and enhance overall system stability.

Affected Version(s)

Linux 12d909cac1e1c4147cc3417fee804ee12fc6b984 < 4a7694f499cae5b83412c5281bf2c961f34f2ed6

Linux 12d909cac1e1c4147cc3417fee804ee12fc6b984 < 72a726fb5f25fbb31d6060acfb671c1955831245

Linux 12d909cac1e1c4147cc3417fee804ee12fc6b984 < 9857af0fcff385c75433f2162c30c62eb912ef6d
