Use-After-Free Vulnerability in Airoha NPU Driver for Linux Kernel
CVE-2025-38536

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38536?

A significant issue has been identified in the Airoha NPU driver within the Linux kernel, where a use-after-free condition could arise. The problem occurs when the function 'of_node_put' is called prematurely after 'of_find_device_by_node', which releases the node and could lead to access of freed memory. This vulnerability can potentially disrupt resource management and system stability. A recent patch addresses this flaw by repositioning the node release call to ensure it only occurs after appropriate checks are performed, thus safeguarding system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch