PT-2025-27962 · Linux+3 · Linux Kernel+3

Published

2025-05-27

·

Updated

2026-04-20

·

CVE-2025-38187

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue has been identified in the Linux kernel, specifically in the r535 gsp rpc push() function. This occurs when the RPC container is released after being passed to r535 gsp rpc send(), resulting in premature freeing of the container. Subsequent attempts to send remaining fragments of a large RPC will lead to a use-after-free. The issue arises when sending the initial fragment of a large RPC and passing the caller's RPC container. To resolve this, a temporary RPC container is allocated for holding the initial fragment of a large RPC when sending, and the caller's container is freed when all fragments are successfully sent.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-09257
CVE-2025-38187
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1

Affected Products

Astra Linux
Debian
Linux Kernel
Suse