Use-After-Free Vulnerability in Linux Kernel Affecting Asynchronous Crypto Handling
CVE-2025-38488
What is CVE-2025-38488?
A use-after-free vulnerability exists in the Linux kernel's crypt_message function when asynchronous crypto operations are performed with hardware accelerators. The flaw lies in how the request's memory is handled once an async encryption operation has been initiated: if a hardware crypto accelerator indicates that the operation is still in progress, the memory buffer allocated for the request is freed too early, and the later access to freed memory can crash the kernel. Resolving it requires restoring proper asynchronous handling so that memory safety and system stability are maintained.
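A user-space model of the lifetime rule described above, added here as an illustration; it is not kernel code or the upstream fix, and `mock_req`, `mock_encrypt`, `mock_irq` and `crypt_model` are hypothetical names. It shows why an in-progress return from an asynchronous engine means the request buffer must outlive the completion.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model: none of these names are kernel APIs. */
struct mock_req {
    unsigned char *buf; /* caller-owned request buffer */
    size_t len;
    int live;           /* model-only flag, cleared when buf is freed */
    int done, status;   /* filled in by the completion path */
};

static struct mock_req *pending; /* one-slot "hardware queue" */
/* Mock accelerator: queues the request and returns before touching buf. */
static int mock_encrypt(struct mock_req *r) { pending = r; return -EINPROGRESS; }

/* Mock completion interrupt: only now does the engine use the buffer. */
static void mock_irq(void) {
    struct mock_req *r = pending;
    if (!r) return;
    pending = NULL;
    if (r->live) {
        for (size_t i = 0; i < r->len; i++) r->buf[i] ^= 0x5a;
        r->status = 0;
    } else {
        r->status = -EFAULT; /* a real engine would touch freed memory here */
    }
    r->done = 1;
}

static void release(struct mock_req *r) { free(r->buf); r->buf = NULL; r->live = 0; }

/* fixed == 0: free as soon as submit returns. fixed == 1: wait for completion. */
static int crypt_model(int fixed) {
    struct mock_req r = { calloc(1, 16), 16, 1, 0, 0 };
    if (!r.buf) return -ENOMEM;
    int rc = mock_encrypt(&r);
    if (fixed && rc == -EINPROGRESS) {
        while (!r.done) mock_irq(); /* stands in for sleeping on a completion */
        rc = r.status;
    }
    release(&r);
    if (!fixed) { mock_irq(); rc = r.status; } /* completion lands after the free */
    return rc;
}

int main(void) {
    printf("early free: %d, wait then free: %d\n", crypt_model(0), crypt_model(1));
    return 0;
}
```

The model flags the late access with a status code instead of dereferencing the freed pointer, so it is safe to run under any allocator.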

Affected Version(s)
Linux 8f14a476abba13144df5434871a7225fd29af633 < 5d047b12f86cc3b9fde1171c02d9bccf4dba0632
Linux ef51c0d544b1518b35364480317ab6d3468f205d < 6550b2bef095d0dd2d2c8390d2ea4c3837028833
Linux bce966530fd5542bbb422cb45ecb775f7a1a6bc3 < 9a1d3e8d40f151c2d5a5f40c410e6e433f62f438