PT-2025-25825 · Linux+7 · Linux Kernel+7
Publicado
2025-05-18
·
Atualizado
2026-05-29
·
CVE-2025-38051
CVSS v3.1
7.0
Alta
| Vetor | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.15.0-rc6+
Description
A use-after-free vulnerability exists in the Linux kernel due to a race condition in the readdir concurrency process. This may cause the kernel to access memory after it has been freed, leading to a slab-use-after-free error. The issue is related to the
cifs fill dirent function and can be triggered by a specific sequence of events involving multiple processes.Recommendations
For Linux kernel versions prior to 6.15.0-rc6+, update to a newer version to resolve the issue.
As a temporary workaround, consider disabling the
cifs fill dirent function until a patch is available.
Restrict access to the vulnerable cifs module to minimize the risk of exploitation.Exploit
Correção
DoS
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Rocky Linux
Suse
Ubuntu