CVE-2025-38176

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version

Description: A use-after-free issue has been identified in the Linux kernel, specifically in the binderfs evict inode() function. This issue can be triggered by running a stress-ng workload with the --binderfs option, which causes concurrent deletions from binder devices and requires full-featured synchronization to prevent list corruption. The estimated number of potentially affected devices worldwide is not available.

Recommendations: To resolve this issue, update to a version of the Linux kernel that includes the fix for the use-after-free in binderfs evict inode(). As a temporary workaround, consider disabling the binderfs functionality until a patch is available. Restrict access to the binder devices list to minimize the risk of exploitation. Avoid using the binderfs evict inode() function until the issue is resolved.