CVE-2025-38087
Published Jun 30, 2025
Last updated 8 days ago
AI description
CVE-2025-38087 is a use-after-free vulnerability in the Linux kernel's network scheduling (net/sched) code, specifically in the `taprio_dev_notifier()` function. `taprio_dev_notifier()` is not protected by an RCU (Read-Copy-Update) read-side critical section, so it can race with `advance_sched()`, resulting in a use-after-free. The patch adds `rcu_read_lock()` inside `taprio_dev_notifier()`, which prevents the use-after-free.
- Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.
- Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status: Awaiting Analysis
- Hype score: Not currently trending
CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free
This is a 64-byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥 https://t.co/h6P3IW1tFE
@v4bel
30 Jun 2025
CVE-2025-38087 In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t … https://t.co/jFZ8rBlz6a
@CVEnew
30 Jun 2025