Use-After-Free Vulnerability in Linux Kernel TIPC Connections
CVE-2025-38464
What is CVE-2025-38464?
The Linux kernel has a vulnerability in TIPC (Transparent Inter-Process Communication) where a use-after-free condition occurs if tipc_conn_close() is invoked after releasing the IDR lock during the netns dismantle process. This flaw allows a potential null pointer dereference, which could lead to unstable system behavior. The issue arises because tipc_conn_close() may be executed concurrently by multiple threads without proper reference counting. A fix has been implemented to ensure that references are correctly maintained before and after locking mechanisms, preventing the possibility of operating on invalid memory.
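The race described above, reduced to a single-threaded userspace model. This is an added example, not the kernel's code or the upstream patch. The struct, the function names and the constructed "other thread" call are assumptions made for illustration.

```c
#include <stdio.h>

/* Userspace model; all names are hypothetical, not kernel code. */
struct conn {
    int refs;       /* reference count */
    int connected;  /* cleared by the first close */
    int freed;      /* set instead of calling free(), so the model can observe it */
};

static int uaf_hits;  /* number of accesses to an already-released conn */

static void conn_get(struct conn *c) { c->refs++; }
static void conn_put(struct conn *c) { if (--c->refs == 0) c->freed = 1; }

/* Close is idempotent, but it must read the object to find that out. */
static void conn_close(struct conn *c)
{
    if (c->freed) { uaf_hits++; return; }   /* would be a use-after-free */
    if (!c->connected) return;              /* someone else closed it first */
    c->connected = 0;
    conn_put(c);                            /* drop the connection's own ref */
}

/* Teardown loop body. hold_ref = 0 models the bug, 1 models the fix. */
static int teardown(int hold_ref)
{
    struct conn c = { .refs = 1, .connected = 1, .freed = 0 };
    uaf_hits = 0;

    /* -- registry lock held: look up the connection -- */
    if (hold_ref) conn_get(&c);   /* pin it before dropping the lock */
    /* -- registry lock released -- */

    conn_close(&c);               /* constructed race: another thread closes here */

    conn_close(&c);               /* teardown's own close */
    if (hold_ref) conn_put(&c);   /* unpin; last reference releases the object */
    return uaf_hits;
}

int main(void)
{
    printf("without reference: %d stale access(es)\n", teardown(0));
    printf("with reference:    %d stale access(es)\n", teardown(1));
    return 0;
}
```

The model marks the object as released instead of freeing it, so the stale access is counted rather than actually performed.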
Affected Version(s)
Linux c5fa7b3cf3cb22e4ac60485fc2dc187fe012910f < 03dcdd2558e1e55bf843822fe4363dcb48743f2b
Linux c5fa7b3cf3cb22e4ac60485fc2dc187fe012910f < 15a6f4971e2f157d57e09ea748d1fbc714277aa4
Linux c5fa7b3cf3cb22e4ac60485fc2dc187fe012910f