Use-After-Free Vulnerability in Linux Kernel Affects Binderfs
CVE-2025-38176
What is CVE-2025-38176?
A use-after-free vulnerability has been identified in the Linux Kernel's binderfs component, which can lead to potential system instability. During a stress test using 'stress-ng', a slab-use-after-free situation was observed in the 'binderfs_evict_inode' function. This flaw can cause memory corruption, impacting the functionality of systems utilizing the affected versions of the kernel. The issue arises from inadequate synchronization when handling concurrent deletions of binder devices, necessitating full-featured synchronization mechanisms to prevent data corruption.
Affected Version(s)
Linux e77aff5528a183462714f750e45add6cc71e276a < 80ed8ab8efa0d18c03968a2321154f10e2d1a2e3
Linux e77aff5528a183462714f750e45add6cc71e276a
Linux e77aff5528a183462714f750e45add6cc71e276a < 8c0a559825281764061a127632e5ad273f0466ad