CVE-2025-38536

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a use-after-free flaw within the airoha npu get() function. The vulnerability occurs because the np->name field is accessed after the associated node has been released by of node put(np). This can happen if pdev is NULL, leading to a use-after-free condition. The issue has been addressed by moving the call to of node put(np) after an error check, ensuring the node is released only after both success and error scenarios are handled.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.