CVE-2025-38209

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the Linux kernel has been resolved, related to the nvme-tcp module. The issue occurs when the second admin queue configuration fails, causing a tag set to not be removed. This can lead to a BUG KASAN slab-use-after-free in blk mq queue tag busy iter(). The problem arises from the nvme tcp setup ctrl() function not calling nvme remove admin tag set() when the second nvme tcp configure admin queue() call fails. To fix this, nvme remove admin tag set() is called when the second nvme tcp configure admin queue() call fails, and the function jumps to the "destroy admin" label to call nvme tcp teardown admin queue(), which removes the admin tag set.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-08998

CVE-2025-38209

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

Affected Products

Astra Linux

Linux Kernel

Suse

CVE-2025-38209

Weakness Enumeration

Related Identifiers

Affected Products

References · 1629