PT-2025-27692 · Linux+5 · Linux Kernel+5

Published

2025-06-10

·

Updated

2026-03-09

·

CVE-2025-38106

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version
Description: A use-after-free vulnerability has been identified in the Linux kernel, specifically in the io uring subsystem. The issue arises when the sq->thread is released while being used in the io uring show fdinfo() function. This vulnerability can be triggered due to a lack of proper synchronization, allowing the sq->thread to be freed prematurely. The estimated number of potentially affected devices is not provided.
Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the use-after-free vulnerability in the io uring subsystem. As a temporary workaround, consider disabling the io uring feature until a patch is available. Restrict access to the vulnerable io uring show fdinfo() function to minimize the risk of exploitation. Avoid using the sq->thread variable in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:3966
ALSA-2026:4012
BDU:2025-08997
CVE-2025-38106
OPENSUSE-SU-2025:20081-1
RHSA-2026:3088
RHSA-2026:3579
RHSA-2026:3966
RHSA-2026:4012
SUSE-SU-2025:02853-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu