CVE-2025-38536 (GCVE-0-2025-38536)
Vulnerability from cvelistv5
Published
2025-08-16 11:12
Modified
2025-08-16 11:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL. This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.
References
Impacted products
Vendor Product Version
Linux Linux Version: 23290c7bc190def4e1ca61610992d9b7c32e33f3
Version: 23290c7bc190def4e1ca61610992d9b7c32e33f3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/airoha/airoha_npu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "df6bf96b41e547e350667bc4c143be53646d070d",
              "status": "affected",
              "version": "23290c7bc190def4e1ca61610992d9b7c32e33f3",
              "versionType": "git"
            },
            {
              "lessThan": "3cd582e7d0787506990ef0180405eb6224fa90a6",
              "status": "affected",
              "version": "23290c7bc190def4e1ca61610992d9b7c32e33f3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/airoha/airoha_npu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: fix potential use-after-free in airoha_npu_get()\n\nnp-\u003ename was being used after calling of_node_put(np), which\nreleases the node and can lead to a use-after-free bug.\nPreviously, of_node_put(np) was called unconditionally after\nof_find_device_by_node(np), which could result in a use-after-free if\npdev is NULL.\n\nThis patch moves of_node_put(np) after the error check to ensure\nthe node is only released after both the error and success cases\nare handled appropriately, preventing potential resource issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-16T11:12:28.627Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6"
        }
      ],
      "title": "net: airoha: fix potential use-after-free in airoha_npu_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38536",
    "datePublished": "2025-08-16T11:12:28.627Z",
    "dateReserved": "2025-04-16T04:51:24.024Z",
    "dateUpdated": "2025-08-16T11:12:28.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38536\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-16T12:15:29.347\",\"lastModified\":\"2025-08-16T12:15:29.347\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: airoha: fix potential use-after-free in airoha_npu_get()\\n\\nnp-\u003ename was being used after calling of_node_put(np), which\\nreleases the node and can lead to a use-after-free bug.\\nPreviously, of_node_put(np) was called unconditionally after\\nof_find_device_by_node(np), which could result in a use-after-free if\\npdev is NULL.\\n\\nThis patch moves of_node_put(np) after the error check to ensure\\nthe node is only released after both the error and success cases\\nare handled appropriately, preventing potential resource issues.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.