PT-2025-27715 · Linux+6 · Linux Kernel+6

Published: 2025-05-27 · Updated: 2026-05-07 · CVE-2025-38129

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc3-syzkaller-gdfa94ce54f41
Description: A use-after-free issue has been identified in the Linux kernel, in the page_pool_recycle_in_ring() function. The issue was reported by syzbot as a slab-use-after-free error in lock_release(). The root cause is that the page pool can be freed while the last page in the ring is still being recycled, leading to a use-after-free read. The fix adds a producer-lock barrier to page_pool_release() so that the page pool cannot be freed before all pages have been recycled.
Recommendations: For Linux kernel versions prior to 6.13.0-rc3-syzkaller-gdfa94ce54f41, consider applying the patch that adds a producer-lock barrier to page_pool_release() so that the page pool cannot be freed before all pages have been recycled. As a temporary workaround, consider disabling the page_pool_recycle_in_ring() function until a patch is available. Restrict access to the vulnerable page pool module to minimize the risk of exploitation. Avoid using the ptr_ring_produce_bh() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:3066
ALSA-2026:3083
ALSA-2026:3110
BDU:2025-09604
CVE-2025-38129
ECHO-CD13-6950-4F32
OESA-2025-2118
OESA-2025-2119
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
OPENSUSE-SU-2025:20081-1
RHSA-2026:3066
RHSA-2026:3083
RHSA-2026:3110
RHSA-2026:4011
RHSA-2026:4111
RHSA-2026:4242
RHSA-2026:4243
RHSA-2026:4244
RHSA-2026:4245
RHSA-2026:4246
RHSA-2026:4444
RHSA-2026:5690
RHSA-2026:5813
RHSA-2026:5821
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0475-1
SUSE-SU-2026:0495-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:0674-1
SUSE-SU-2026:0711-1
SUSE-SU-2026:0713-1
SUSE-SU-2026:0725-1
SUSE-SU-2026:0727-1
SUSE-SU-2026:0731-1
SUSE-SU-2026:0734-1
SUSE-SU-2026:0736-1
SUSE-SU-2026:0745-1
SUSE-SU-2026:0748-1
SUSE-SU-2026:20672-1
SUSE-SU-2026:20673-1
SUSE-SU-2026:20674-1
SUSE-SU-2026:20678-1
SUSE-SU-2026:20679-1
SUSE-SU-2026:20680-1
SUSE-SU-2026:20681-1
SUSE-SU-2026:20699-1
SUSE-SU-2026:20700-1
SUSE-SU-2026:20701-1
SUSE-SU-2026:20702-1
SUSE-SU-2026:20703-1
SUSE-SU-2026:20704-1
SUSE-SU-2026:20705-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8243-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu