CVE-2025-38536 (GCVE-0-2025-38536)
Vulnerability from cvelistv5
Published
2025-08-16 11:12
Modified
2025-08-16 11:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL. This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.
Impacted products
Vendor Product Version
Linux Linux Version: 23290c7bc190def4e1ca61610992d9b7c32e33f3
Version: 23290c7bc190def4e1ca61610992d9b7c32e33f3
Create a notification for this product.
   Linux Linux Version: 6.15
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/airoha/airoha_npu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "df6bf96b41e547e350667bc4c143be53646d070d",
              "status": "affected",
              "version": "23290c7bc190def4e1ca61610992d9b7c32e33f3",
              "versionType": "git"
            },
            {
              "lessThan": "3cd582e7d0787506990ef0180405eb6224fa90a6",
              "status": "affected",
              "version": "23290c7bc190def4e1ca61610992d9b7c32e33f3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/airoha/airoha_npu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: fix potential use-after-free in airoha_npu_get()\n\nnp-\u003ename was being used after calling of_node_put(np), which\nreleases the node and can lead to a use-after-free bug.\nPreviously, of_node_put(np) was called unconditionally after\nof_find_device_by_node(np), which could result in a use-after-free if\npdev is NULL.\n\nThis patch moves of_node_put(np) after the error check to ensure\nthe node is only released after both the error and success cases\nare handled appropriately, preventing potential resource issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-16T11:12:28.627Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6"
        }
      ],
      "title": "net: airoha: fix potential use-after-free in airoha_npu_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38536",
    "datePublished": "2025-08-16T11:12:28.627Z",
    "dateReserved": "2025-04-16T04:51:24.024Z",
    "dateUpdated": "2025-08-16T11:12:28.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38536\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-16T12:15:29.347\",\"lastModified\":\"2025-08-18T20:16:28.750\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: airoha: fix potential use-after-free in airoha_npu_get()\\n\\nnp-\u003ename was being used after calling of_node_put(np), which\\nreleases the node and can lead to a use-after-free bug.\\nPreviously, of_node_put(np) was called unconditionally after\\nof_find_device_by_node(np), which could result in a use-after-free if\\npdev is NULL.\\n\\nThis patch moves of_node_put(np) after the error check to ensure\\nthe node is only released after both the error and success cases\\nare handled appropriately, preventing potential resource issues.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: airoha: se corrige un posible error de use after free en airoha_npu_get(). np-\u0026gt;name se usaba despu\u00e9s de llamar a of_node_put(np), lo que libera el nodo y puede provocar un error de use after free. Anteriormente, se llamaba a of_node_put(np) incondicionalmente despu\u00e9s de of_find_device_by_node(np), lo que pod\u00eda provocar un error de use after free si pdev era NULL. Este parche traslada of_node_put(np) despu\u00e9s de la comprobaci\u00f3n de errores para garantizar que el nodo solo se libere despu\u00e9s de que tanto el error como los casos de \u00e9xito se hayan gestionado correctamente, lo que evita posibles problemas de recursos.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…