PT-2025-25826 · Linux+10 · Linux Kernel+10

Syzbot

·

Published

2025-05-20

·

Updated

2026-05-04

·

CVE-2025-38052

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A slab-use-after-free issue has been identified in the Linux kernel, specifically in the tipc aead encrypt done function. This issue can occur when the simd aead encrypt function is interrupted, leading to crypto simd usable() returning false, which in turn triggers the cryptd queue worker workqueue. As a result, the tipc crypto tx may still be visited after it has been freed. The issue can be reproduced by creating a network namespace, enabling the TIPC bearer, setting a key, disabling the bearer, and then deleting the namespace.
Recommendations To resolve this issue, hold the net reference count before encrypting. This can be achieved by modifying the tipc aead encrypt function to hold the net reference count before calling the crypto aead encrypt function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:12662
ALSA-2025:12746
ALSA-2025:12752
ALSA-2025:12753
AZL-63929
BDU:2025-08915
CESA-2025_12752
CESA-2025_12753
CESA-2025_15921
CVE-2025-38052
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-CAB7-BD44-9AF4
INFSA-2025_12746
INFSA-2025_12752
INFSA-2025_12753
OESA-2025-2077
OESA-2025-2078
OESA-2025-2079
OESA-2025-2081
OESA-2025-2082
OPENSUSE-SU-2025:20081-1
RHSA-2025:12209
RHSA-2025:12311
RHSA-2025:12662
RHSA-2025:12746
RHSA-2025:12752
RHSA-2025:12753
RHSA-2025:13029
RHSA-2025:13030
RHSA-2025:13061
RHSA-2025:13120
RHSA-2025:13135
RHSA-2025:13776
RHSA-2025:15798
RHSA-2025:15921
RHSA-2025:15931
RHSA-2025:15932
RHSA-2025:15933
RHSA-2025:16008
RHSA-2025:16045
RHSA-2025_12746
RHSA-2025_12752
RHSA-2025_12753
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7704-1
USN-7704-2
USN-7704-3
USN-7704-4
USN-7704-5
USN-7711-1
USN-7712-1
USN-7712-2
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu