PT-2025-27986 · Linux+9 · Linux Kernel+9

Anubis

·

Published

2025-05-10

·

Updated

2026-05-26

·

CVE-2025-38211

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version
Description: A use-after-free condition in the Linux kernel's RDMA/iwcm module can occur when the last reference to a cm id is decremented in an event handler work, causing the work object for the work itself to get removed. This can lead to a slab-use-after-free bug. The issue is reproducible by repeating a specific test case for the rdma transport and the siw driver.
Recommendations: To resolve the issue, ensure that the last reference to the cm id is decremented not in the event handler works, but in the cm id destruction context. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:15005
ALSA-2025:15008
ALSA-2025:15009
ALSA-2025:15011
AZL-64686
BDU:2025-15216
CESA-2025_15008
CESA-2025_15009
CVE-2025-38211
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-B888-9FD6-F498
INFSA-2025_15008
INFSA-2025_15009
INFSA-2025_15011
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-2054
OESA-2025-2055
OESA-2025-2056
OESA-2026-1009
OESA-2026-1010
OPENSUSE-SU-2025:20081-1
RHSA-2025:15008
RHSA-2025:15009
RHSA-2025_15008
RHSA-2025_15009
RHSA-2025_15011
SUSE-SU-2025:02846-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu