Vulnerability in Linux Kernel ACPICA Affects Linux Products
CVE-2025-38386

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38386?

A vulnerability in the Linux kernel's ACPICA component has been identified, wherein a platform firmware update that modified method parameters inadvertently led to a use-after-free condition, causing crashes. This issue arises due to a mismatch of expected method arguments. ACPICA now refrains from evaluating methods when the caller supplies insufficient arguments, enhancing the system's stability and security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2219e49857ffd6aea1b1ca5214d3270f84623a16

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a2...

https://git.kernel.org/stable/c/2219e49857ffd6aea1b1ca521...

https://git.kernel.org/stable/c/ab1e8491c19eb2ea0fda81ef2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025