PT-2025-30016 · Linux+5 · Linux Kernel+5
Jann Horn · Published 2025-07-09 · Updated 2026-05-26 · CVE-2025-38349
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel's eventpoll implementation: the epoll reference count is decremented while the ep mutex is still held, which can lead to a use-after-free condition. Because the reference count is dropped before the mutex is unlocked, another user can free the epoll structure while the unlock is still accessing the mutex, potentially leading to a crash or unpredictable behavior. Mutexes do not guarantee object ownership, and a mutex unlock operation is not atomic, which creates the race condition.
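The ordering problem described above, as an added single-threaded model in C (not kernel code and not taken from the advisory). All struct and function names are hypothetical, the second user is simulated by a callback run inside the unlock, and a `freed` flag stands in for the real free so the model itself stays memory-safe.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed userspace model; all names here are hypothetical. */
struct model_ep {
    int  lock_word;           /* 1 = held, 0 = released */
    int  refs;                /* reference count */
    bool freed;               /* set instead of calling free() */
    int  touches_after_free;  /* accesses made after the object was freed */
};
typedef void (*window_fn)(struct model_ep *);

static void model_lock(struct model_ep *ep) { ep->lock_word = 1; }
static bool ref_dec_and_test(struct model_ep *ep) { return --ep->refs == 0; }

/* Unlock is not atomic: release the lock word, then finish bookkeeping. */
static void model_unlock(struct model_ep *ep, window_fn window)
{
    ep->lock_word = 0;          /* step 1: lock is now available to others */
    if (window) window(ep);     /* a second user runs in this window */
    if (ep->freed)              /* step 2: unlocker still touches the mutex */
        ep->touches_after_free++;
}

/* Second user: takes the lock, drops its reference, frees on zero. */
static void other_user_put(struct model_ep *ep)
{
    model_lock(ep);
    bool last = ref_dec_and_test(ep);
    model_unlock(ep, NULL);
    if (last) ep->freed = true; /* free happens after its own unlock */
}

/* Ordering from the description: decrement while the mutex is held. */
int put_dec_under_mutex(void)
{
    struct model_ep ep = { 0, 2, false, 0 };
    model_lock(&ep);
    (void)ref_dec_and_test(&ep);        /* 2 -> 1: the "next to last" drop */
    model_unlock(&ep, other_user_put);  /* other user drops 1 -> 0, frees */
    return ep.touches_after_free;       /* unlock touched a freed object */
}

/* Reverse ordering: finish the unlock while still holding our reference. */
int put_dec_after_unlock(void)
{
    struct model_ep ep = { 0, 2, false, 0 };
    model_lock(&ep);
    model_unlock(&ep, other_user_put);  /* other user drops 2 -> 1, no free */
    if (ref_dec_and_test(&ep)) ep.freed = true;  /* 1 -> 0 after unlock */
    return ep.touches_after_free;
}
```

In the first function the reference that would have kept the object alive is already gone when the unlock runs; in the second, the caller's own reference pins the object until the unlock has completely finished.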
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Rocky Linux
Suse
Ubuntu