Use-After-Free Vulnerability in Linux Kernel Affecting Asynchronous Crypto Handling
CVE-2025-38488

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38488?

A use-after-free vulnerability exists in the Linux kernel's crypt_message function when utilizing asynchronous crypto operations with hardware accelerators. This flaw arises due to the improper handling of memory allocation when async encryption operations are initiated. If a hardware crypto accelerator indicates that an operation is in progress, the system frees the memory buffer allocated for the request too early, resulting in potential kernel crashes due to accessing freed memory. The vulnerability highlights the need for restoring proper asynchronous handling procedures to ensure memory safety and maintain system stability.

Affected Version(s)

Linux bce966530fd5542bbb422cb45ecb775f7a1a6bc3 < 9a1d3e8d40f151c2d5a5f40c410e6e433f62f438

Linux 0809fb86ad13b29e1d6d491364fc7ea4fb545995 < 15a0a5de49507062bc3be4014a403d8cea5533de

Linux b0abcd65ec545701b8793e12bc27dc98042b151a < 2a76bc2b24ed889a689fb1c9015307bf16aafb5b

References

https://git.kernel.org/stable/c/9a1d3e8d40f151c2d5a5f40c4...

https://git.kernel.org/stable/c/15a0a5de49507062bc3be4014...

https://git.kernel.org/stable/c/2a76bc2b24ed889a689fb1c90...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025