Use-After-Free Vulnerability in Linux Kernel Affecting IPC Lookups
CVE-2025-38212

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38212?

A use-after-free vulnerability has been identified in the Linux kernel that affects IPCS lookups. When executing the idr_for_each() function, improper access handling may allow freed memory to be read inadvertently. This occurs because the function is not sufficiently protected by RCU read-critical regions. The flaw could lead to inconsistencies and potential exploitation, requiring rigorous code alterations to prevent memory access after it has been freed during operations like shm_destroy_orphaned(). Ensuring these operations are safeguarded within the correct critical periods is crucial for mitigating the risk.

Affected Version(s)

Linux b34a6b1da371ed8af1221459a18c67970f7e3d53 < 5f1e1573bf103303944fd7225559de5d8297539c

Linux b34a6b1da371ed8af1221459a18c67970f7e3d53

Linux b34a6b1da371ed8af1221459a18c67970f7e3d53 < 74bc813d11c30e28fc5261dc877cca662ccfac68

References

https://git.kernel.org/stable/c/5f1e1573bf103303944fd7225...

https://git.kernel.org/stable/c/b968ba8bfd9f90914957bbbd8...

https://git.kernel.org/stable/c/74bc813d11c30e28fc5261dc8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025