AI description
CVE-2025-38087 is a use-after-free vulnerability found in the Linux kernel's network scheduling (net/sched) module, specifically in the `taprio_dev_notifier` function. The vulnerability occurs because `taprio_dev_notifier()` lacks protection by an RCU (Read-Copy-Update) read-side critical section. This can lead to a race condition with the `advance_sched()` function, resulting in a use-after-free scenario. A patch has been developed to address this vulnerability by adding `rcu_read_lock()` inside the `taprio_dev_notifier()` function. This addition aims to prevent the use-after-free condition.
- Description
- In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- CWE-416
- Hype score
- Not currently trending
🚨 CRITICAL: #SUSE releases urgent kernel security update for SLE 15 SP6 (Live Patch 0). Patches 11 CVEs, including high-severity flaws: CVE-2025-38087 (UAF in net/sched) and CVE-2025-38212 (IPC flaw). Read more: 👉 https://t.co/fkbU7FavmN #Security https://t.co/75FBOResgR
@Cezar_H_Linux
10 Sept 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Critical patch for #SUSE SLE 15 SP6 users: Kernel Update 4 fixes 11 vulnerabilities, including high-severity CVEs CVE-2025-38087 and CVE-2025-38212. Prevent use-after-free exploits and privilege escalation. Read more:👉 https://t.co/xq0MY3ZfW9 #Security https://t.co/tRqEO
@Cezar_H_Linux
9 Sept 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free This is a 64byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥 https://t.co/h6P3IW1tFE
@v4bel
30 Jun 2025
5415 Impressions
13 Retweets
82 Likes
30 Bookmarks
2 Replies
0 Quotes
CVE-2025-38087 In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t … https://t.co/jFZ8rBlz6a
@CVEnew
30 Jun 2025
384 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C7D3F86-080A-4F34-855C-33AACBE752AC",
"versionEndExcluding": "6.6.95",
"versionStartIncluding": "6.3"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E569FD34-0076-4428-BE17-EECCF867611C",
"versionEndExcluding": "6.12.35",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFD174C5-1AA2-4671-BDDC-1A9FCC753655",
"versionEndExcluding": "6.15.4",
"versionStartIncluding": "6.13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86"
}
],
"operator": "OR"
}
]
}
]