PT-2025-33754 · Linux+5 · Linux Kernel+5

Published

2025-07-21

·

Updated

2026-04-20

·

CVE-2025-38555

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a use-after-free issue within the composite dev cleanup() function. This occurs because a pointer, cdev->os desc req, may not be set to NULL after a kmalloc failure in configfs composite bind(). Subsequently, composite dev cleanup() attempts to use this potentially freed pointer, leading to the use-after-free condition. The issue is located in the configfs composite bind() and composite dev cleanup() functions.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

NULL Pointer Dereference

Weakness Enumeration

CWE-416CWE-476

Related Identifiers

BDU:2025-10721
CVE-2025-38555
DLA-4327-1
DLA-4328-1
ECHO-2275-6171-E763
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03283-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03314-1
SUSE-SU-2025:03315-1
SUSE-SU-2025:03317-1
SUSE-SU-2025:03318-1
SUSE-SU-2025:03319-1
SUSE-SU-2025:03321-1
SUSE-SU-2025:03341-1
SUSE-SU-2025:03343-1
SUSE-SU-2025:03344-1
SUSE-SU-2025:03370-1
SUSE-SU-2025:03374-1
SUSE-SU-2025:03375-1
SUSE-SU-2025:03381-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03383-1
SUSE-SU-2025:03387-1
SUSE-SU-2025:03389-1
SUSE-SU-2025:03391-1
SUSE-SU-2025:03392-1
SUSE-SU-2025:03393-1
SUSE-SU-2025:03395-1
SUSE-SU-2025:03396-1
SUSE-SU-2025:03397-1
SUSE-SU-2025:03400-1
SUSE-SU-2025:03403-1
SUSE-SU-2025:03406-1
SUSE-SU-2025:03408-1
SUSE-SU-2025:03410-1
SUSE-SU-2025:03411-1
SUSE-SU-2025:03412-1
SUSE-SU-2025:03413-1
SUSE-SU-2025:03418-1
SUSE-SU-2025:03419-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20722-1
SUSE-SU-2025:20723-1
SUSE-SU-2025:20724-1
SUSE-SU-2025:20725-1
SUSE-SU-2025:20726-1
SUSE-SU-2025:20727-1
SUSE-SU-2025:20728-1
SUSE-SU-2025:20729-1
SUSE-SU-2025:20730-1
SUSE-SU-2025:20731-1
SUSE-SU-2025:20732-1
SUSE-SU-2025:20733-1
SUSE-SU-2025:20734-1
SUSE-SU-2025:20735-1
SUSE-SU-2025:20736-1
SUSE-SU-2025:20737-1
SUSE-SU-2025:20738-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:20768-1
SUSE-SU-2025:20769-1
SUSE-SU-2025:20770-1
SUSE-SU-2025:20771-1
SUSE-SU-2025:20772-1
SUSE-SU-2025:20773-1
SUSE-SU-2025:20774-1
SUSE-SU-2025:20784-1
SUSE-SU-2025:20785-1
SUSE-SU-2025:20786-1
SUSE-SU-2025:20787-1
SUSE-SU-2025:20788-1
SUSE-SU-2025:20789-1
SUSE-SU-2025:20790-1
SUSE-SU-2025:20791-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03314-1
SUSE-SU-2025_03344-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7934-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu