CVE-2025-38212

Published Jul 4, 2025

Last updated 4 months ago

Overview

Description
In the Linux kernel, the following vulnerability has been resolved:

ipc: fix to protect IPCS lookups using RCU

syzbot reported that it discovered a use-after-free vulnerability, [0]

[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/

idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read.

Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned().

Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed
Products
linux_kernel, debian_linux

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-416

Social media

Hype score
Not currently trending
  1. 🚨 CRITICAL: #SUSE releases kernel security patch SUSE-SU-2025:03222-1. Fixes 4 CVEs, including CVE-2025-38001 & CVE-2025-38212 (CVSS 8.5). Impacts SLE 15 SP6/SP7 & openSUSE Leap 15.6. Read more:👉 https://t.co/NozG7Yo3tN #Security https://t.co/Fkp5gTQbFk

    @Cezar_H_Linux

    16 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. URGENT: Patch #SUSE Linux NOW. Live Patch 24 (SUSE-SU-2025:03194-1) fixes 7 vulnerabilities, including CVE-2025-38212 (CVSS 8.5). Affects SLE 15 SP5, openSUSE Leap 15.5. Risks: Privilege escalation, DoS. Read more:👉 https://t.co/bmF6dWLSFt #Security https://t.co/a6UaQ3a9PE

    @Cezar_H_Linux

    15 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CRITICAL ALERT for @SUSELinux & @openSUSE users! Live Patch 17 for SLE 15 SP5/Leap 15.5 patches 9 vulnerabilities, including 2x CVSS 8.5 flaws (CVE-2025-38212, CVE-2025-38001). Read more:👉 https://t.co/YcyQobEZDQ #LinuxSecurity #CyberSecurity #SUSE https://t.co/khI04

    @Cezar_H_Linux

    14 Sept 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. URGENT: Patch #SUSE Linux NOW. Live Patch 17 for SLE 15 SP5 fixes 9 critical kernel vulnerabilities (CVE-2025-38212, CVE-2025-38001, etc.). Risk: Local Privilege Escalation & DoS. Read more:👉 https://t.co/qZMhtWMRT4 https://t.co/f532a39oB0

    @Cezar_H_Linux

    14 Sept 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical #Linux kernel update for #SUSE 15 SP5 & #openSUSE Leap 15.5! Patch CVE-2025-21701 (CVSS 7.0) and CVE-2025-38212 (CVSS 8.5) to prevent local privilege escalation and DoS. Read more: 👉 https://t.co/fBfEvRq7yN https://t.co/uN23RVswZG

    @Cezar_H_Linux

    14 Sept 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 URGENT #Security Update for @SUSE Linux users! Live Patch 22 for SLE 15 SP5/ #openSUSE Leap 15.5 patches 7 critical kernel vulnerabilities. CVE-2025-38212 (CVSS 8.5) allows privilege escalation. Read more: 👉 https://t.co/I1DlWx37KK https://t.co/wjgmhLEu8J

    @Cezar_H_Linux

    14 Sept 2025

    80 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Critical Linux Kernel Patch Alert! 🚨 #SUSE's Live Patch 40 for SLE 15 SP4 fixes 5 important CVEs, including CVE-2025-38212 (CVSS 8.5). Local privilege escalation & DoS risks. Affected products: Leap 15.4, SLES, SAP HANA, HPC, Micro. Read more: 👉 https://t.co/qc7YH

    @Cezar_H_Linux

    13 Sept 2025

    139 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CRITICAL: #SUSE Linux Kernel Patch Alert! CVE-2025-38212 (CVSS: 8.5) patched for SLE 15 SP4 & openSUSE Leap 15.4. Fixes a local privilege escalation vulnerability in IPCS. Read more:👉 https://t.co/ndHaZsNDwu #Security https://t.co/iiRuECbyx6

    @Cezar_H_Linux

    13 Sept 2025

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Urgent: #SUSE releases Live Patch 41 for Linux Kernel (SLE 15 SP4/Leap 15.4). Patches 4 vulnerabilities: CVE-2025-37890, CVE-2025-38000, CVE-2025-38001 (CVSS 8.5), CVE-2025-38212 (CVSS 8.5). Read more: 👉 https://t.co/L6VAeHng7B #Security https://t.co/FyoVgvjs8m

    @Cezar_H_Linux

    13 Sept 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. URGENT: #SUSE releases critical Linux kernel security patch for SLE 15 SP4 and #openSUSE Leap 15.4. Fixes 6 vulnerabilities, including: ✅ CVE-2025-38212 (CVSS 8.5) - IPC UAF ✅ CVE-2025-38001 (CVSS 8.5) - HFSC flaw Read more:👉 https://t.co/uqFzf8yqz1 https://t.co/

    @Cezar_H_Linux

    13 Sept 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Critical #SUSE Linux Kernel Patch Released! 🚨 Live Patch 29 (SUSE-SU-2025:03175-1) fixes 9 vulnerabilities. CVE-2025-38212 (CVSS 7.8): IPC flaw. Read more: 👉 https://t.co/Tgph25THii #Security https://t.co/ycvdYq3H5t

    @Cezar_H_Linux

    12 Sept 2025

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Critical patch for #SUSE SLE 15 SP4 & #openSUSE Leap 15.4! Live Patch 31 fixes 9 kernel vulnerabilities, including high-severity CVEs: CVE-2025-38212 (CVSS 8.5). CVE-2025-38001 (CVSS 8.5) . Read more:👉 https://t.co/59ducSDAqD #Security https://t.co/NH2uNmjEHK

    @Cezar_H_Linux

    11 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. URGENT: Patch your #SUSE Linux 15 SP7 systems now! New kernel vulnerability (CVE-2025-38212) patched. CVSS: 8.5. Allows local privilege escalation. Read more: 👉 https://t.co/pNNqYn2cvt #Security https://t.co/WXJJtPjrW8

    @Cezar_H_Linux

    10 Sept 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. URGENT: #SUSE patches 6 critical Linux Kernel vulnerabilities (SUSE-SU-2025:03109-1). CVSS Scores up to 8.5! Impacts: CVE-2025-38212 (IPC), CVE-2025-38001 (HFSC), and more. Read more: 👉 https://t.co/BnY4fxSrYJ #Security https://t.co/i2uifmu70P

    @Cezar_H_Linux

    10 Sept 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 CRITICAL: #SUSE releases urgent kernel security update for SLE 15 SP6 (Live Patch 0). Patches 11 CVEs, including high-severity flaws: CVE-2025-38087 (UAF in net/sched) and CVE-2025-38212 (IPC flaw). Read more: 👉 https://t.co/fkbU7FavmN #Security https://t.co/75FBOResgR

    @Cezar_H_Linux

    10 Sept 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. URGENT: #SUSE patches 5 critical CVEs in Linux Kernel RT for SLE 15 SP7. CVE-2025-38212 (CVSS 8.5): IPC flaw CVE-2025-38001 (CVSS 8.5): HFSC flaw Read more: 👉 https://t.co/X16DdiVkST https://t.co/NIxAz9kbmc

    @Cezar_H_Linux

    10 Sept 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. URGENT: Patch #SUSE Linux 15 SP6 now! 🚀 CVE-2025-38212 (CVSS: 8.5) allows local privilege escalation in the kernel. Read more: 👉 https://t.co/6V88FlDf45 #Security https://t.co/Boea0HGkKm

    @Cezar_H_Linux

    9 Sept 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Critical patch for #SUSE Linux Enterprise 15 SP6! CVE-2025-38212 (CVSS: 8.5) patches a local privilege escalation flaw in the kernel. Affects Server, SAP, and Real-Time systems. Read more: 👉 https://t.co/0k0Mn5G5aI #Security https://t.co/jNv8FB4WFe

    @Cezar_H_Linux

    9 Sept 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Critical patch for #SUSE SLE 15 SP6 users: Kernel Update 4 fixes 11 vulnerabilities, including high-severity CVEs CVE-2025-38087 and CVE-2025-38212. Prevent use-after-free exploits and privilege escalation. Read more:👉 https://t.co/xq0MY3ZfW9 #Security https://t.co/tRqEO

    @Cezar_H_Linux

    9 Sept 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. URGENT: #SUSE patches 17 Linux kernel vulnerabilities. Multiple CVEs with 8.5 CVSS scores (e.g., CVE-2025-38212) allow local privilege escalation to root. Read more: 👉 https://t.co/OXk9ZdcCeG #Security https://t.co/EFWSQ0tazC

    @Cezar_H_Linux

    19 Aug 2025

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-38212 Use-After-Free Vulnerability in Linux Kernel IPC Subsystem RCU Handling https://t.co/K9VYSmx1Q7

    @VulmonFeeds

    5 Jul 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations