Use-After-Free Vulnerability in Linux Kernel NBD Driver
CVE-2025-38443

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 July 2025

What is CVE-2025-38443?

A use-after-free vulnerability exists in the NBD (Network Block Device) driver of the Linux kernel. It occurs when the error path of nbd_genl_connect() does not stop the device properly after nbd_start_device() has been called. As a result, the configuration can be freed while the recv_work function is still using it, causing instability and potential exploitation on systems that use the NBD driver.

Affected Version(s)

Linux 6497ef8df568afbf5f3e38825a4590ff41611a54

Linux 6497ef8df568afbf5f3e38825a4590ff41611a54 < 91fa560c73a8126868848ed6cd70607cbf8d87e2



Timeline

  • Vulnerability published

  • Vulnerability Reserved
