CVE-2025-38087
Published Jun 30, 2025
Last updated 2 months ago
AI description
CVE-2025-38087 is a use-after-free vulnerability in the Linux kernel's network scheduling (net/sched) code, specifically in the `taprio_dev_notifier()` function. Because `taprio_dev_notifier()` does not run inside an RCU (Read-Copy-Update) read-side critical section, it can race with `advance_sched()`, resulting in a use-after-free. The patch addresses this by adding `rcu_read_lock()` inside `taprio_dev_notifier()`.
- Description
- In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier. Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
🚨 CRITICAL: #SUSE releases urgent kernel security update for SLE 15 SP6 (Live Patch 0). Patches 11 CVEs, including high-severity flaws: CVE-2025-38087 (UAF in net/sched) and CVE-2025-38212 (IPC flaw). Read more: 👉 https://t.co/fkbU7FavmN #Security https://t.co/75FBOResgR
@Cezar_H_Linux
10 Sept 2025
🔐 Critical patch for #SUSE SLE 15 SP6 users: Kernel Update 4 fixes 11 vulnerabilities, including high-severity CVEs CVE-2025-38087 and CVE-2025-38212. Prevent use-after-free exploits and privilege escalation. Read more:👉 https://t.co/xq0MY3ZfW9 #Security https://t.co/tRqEO
@Cezar_H_Linux
9 Sept 2025
CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free. This is a 64-byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥 https://t.co/h6P3IW1tFE
@v4bel
30 Jun 2025
CVE-2025-38087 In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t … https://t.co/jFZ8rBlz6a
@CVEnew
30 Jun 2025