Use After Free Vulnerability in Linux Kernel's RDMA iwcm Component
CVE-2025-38211
What is CVE-2025-38211?
The vulnerability in the Linux kernel's RDMA iwcm component is a use-after-free condition in which references to 'cm_id_private' objects can persist after the associated 'cm_id' has been destroyed. The flaw was introduced when 'cm_id' resource management was simplified: event handler works can still reference the freed memory, leading to potential system instability. The issue can result in memory corruption and denial-of-service conditions, notably when the system is subjected to specific test cases like 'nvme/061'. It highlights the importance of rigorous resource management and the need to flush pending works during the destruction of 'cm_id' to mitigate the associated risks.

Affected Version(s)
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 < 013dcdf6f03bcedbaf1669e3db71c34a197715b2
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 < 3b4a50d733acad6831f6bd9288a76a80f70650ac