PT-2025-34417 · Linux+3 · Linux Kernel+3

Published

2025-07-01

Updated

2026-03-05

CVE-2025-38656

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains an issue within the iwlwifi module related to error handling in the iwl op mode dvm start() function. Specifically, the code was returning an incorrect error code (NULL) when iwl setup deferred work() failed, potentially leading to a use-after-free condition involving debugfs.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-71023

AZL-78267

BDU:2026-03076

CVE-2025-38656

MGASA-2025-0234

MGASA-2025-0235

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03272-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03301-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03602-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20653-1

SUSE-SU-2025:20669-1

SUSE-SU-2025:20739-1

SUSE-SU-2025:20756-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_03272-1

SUSE-SU-2025_03290-1

SUSE-SU-2025_03301-1

SUSE-SU-2025_03382-1

SUSE-SU-2026:0473-1

Affected Products

Astra Linux

Linux Kernel

Suse

Iwlwifi

PT-2025-34417 · Linux+3 · Linux Kernel+3

CVE-2025-38656

Weakness Enumeration

Related Identifiers

Affected Products

References · 2056