Use-After-Free Vulnerability in Linux Kernel Proc Handling
CVE-2025-38653

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38653?

A vulnerability has been identified in the Linux kernel's proc handling mechanism: improper handling of proc_lseek can lead to a Use-After-Free (UAF) condition during module removal. The issue arises from inadequate checks in the proc_reg_open() function, which leave a window for the UAF when a kernel module is removed. It has been addressed in the Linux kernel.

Affected Version(s)

Linux 3f61631d47f115b83c935d0039f95cb68b0c8ab7

Linux 3f61631d47f115b83c935d0039f95cb68b0c8ab7 < 33c778ea0bd0fa62ff590497e72562ff90f82b13


Timeline

  • Vulnerability published

  • Vulnerability Reserved
