PT-2025-25806 · Linux+6 · Linux Kernel+6

Published

2025-05-18

·

Updated

2026-05-26

·

CVE-2025-38031

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A reference count leak was introduced in the Linux kernel due to a recent patch that addressed a Use After Free (UAF) issue. The parallel data refcount is incremented unconditionally, regardless of the return value of queue work(). If the work item is already queued, the incremented refcount is never decremented. This issue can lead to an unreferenced object, as seen in the provided hex dump and backtrace.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-09006
CVE-2025-38031
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-EF46-1A45-9C09
OESA-2025-1727
OESA-2025-1728
OESA-2025-1729
OESA-2025-1730
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20475-1
SUSE-SU-2025:20483-1
SUSE-SU-2025:20493-1
SUSE-SU-2025:20498-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7704-1
USN-7704-2
USN-7704-3
USN-7704-4
USN-7704-5
USN-7711-1
USN-7712-1
USN-7712-2
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu