Use-After-Free Vulnerability in Linux Kernel's AF_UNIX Implementation
CVE-2025-38236
What is CVE-2025-38236?
A use-after-free vulnerability has been identified in the Linux kernel's AF_UNIX implementation, specifically in the unix_stream_read_generic() function, which services reads on AF_UNIX stream sockets. The defect lies in how the receive path tracks out-of-band (OOB) data: after one OOB packet has been consumed, subsequently processed OOB packets are handled without the consumed buffer being properly accounted for, so the kernel can read memory that has already been freed. The condition is reached through particular sequences of receive operations on the socket. The result is kernel instability or unexpected behaviour for applications that use AF_UNIX sockets, so affected kernels should be updated to a build containing the fix.
Affected Version(s)
Linux: from commit 314001f0bf927015e459c9d387d62a231fe93af3 up to, but not including, commit 61a9ad7b69ce688697e5f63332f03e17725353bc (the commit containing the fix)