Use-After-Free Vulnerability in Linux Kernel Affects Binderfs
CVE-2025-38176

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
4 July 2025

What is CVE-2025-38176?

A use-after-free vulnerability has been identified in the Linux Kernel's binderfs component, which can lead to potential system instability. During a stress test using 'stress-ng', a slab-use-after-free situation was observed in the 'binderfs_evict_inode' function. This flaw can cause memory corruption, impacting the functionality of systems utilizing the affected versions of the kernel. The issue arises from inadequate synchronization when handling concurrent deletions of binder devices, necessitating full-featured synchronization mechanisms to prevent data corruption.

Affected Version(s)

Linux e77aff5528a183462714f750e45add6cc71e276a < 80ed8ab8efa0d18c03968a2321154f10e2d1a2e3

Linux e77aff5528a183462714f750e45add6cc71e276a

Linux e77aff5528a183462714f750e45add6cc71e276a < 8c0a559825281764061a127632e5ad273f0466ad

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38176 : Use-After-Free Vulnerability in Linux Kernel Affects Binderfs