Use-After-Free Vulnerability in Linux Kernel Affected by AppleTalk Module
CVE-2025-38666
What is CVE-2025-38666?
A use-after-free vulnerability in the Linux kernel's AppleTalk module has been identified, originating from a race condition during the AARP proxy-probe routine. When the function aarp_proxy_probe_network is called, it acquires a lock and allocates memory for an AARP entry. However, while the lock is released and the process sleeps momentarily, a timer thread can remove and free the same entry, leading to potential exploitation. This mismanagement of memory can result in unauthorized access or manipulation of the underlying data structures, posing a significant risk to system stability and security. The vulnerability has been addressed in subsequent kernel updates.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2a6209e4649d45fd85d4193abc481911858ffc6f
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5f02ea0f63dd38c41539ea290fcc1693c73aa8e5