CVE-2025-38024
- Source
- https://cve.org/CVERecord?id=CVE-2025-38024
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38024.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38024
- Downstream
- Related
- Published
- 2025-06-18T09:28:30.669Z
- Modified
- 2026-03-20T12:42:37.852086Z
- Summary
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug
Call Trace: <TASK> __dumpstack lib/dumpstack.c:94 [inline] dump_stacklvl+0x7d/0xa0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 [inline] printreport+0xcf/0x610 mm/kasan/report.c:489 kasanreport+0xb5/0xe0 mm/kasan/report.c:602 rxequeuecleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxequeue.c:195 rxecqcleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxecq.c:132 __rxecleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxepool.c:232 rxecreatecq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxeverbs.c:1109 createcq+0x658/0xb90 drivers/infiniband/core/uverbscmd.c:1052 ibuverbscreatecq+0xc7/0x120 drivers/infiniband/core/uverbscmd.c:1095 ibuverbswrite+0x969/0xc90 drivers/infiniband/core/uverbsmain.c:679 vfswrite fs/readwrite.c:677 [inline] vfswrite+0x26a/0xcc0 fs/readwrite.c:659 ksyswrite+0x1b8/0x200 fs/readwrite.c:731 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xaa/0x1b0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
In the function rxecreatecq, when rxecqfrominit fails, the function rxecleanup will be called to handle the allocated resources. In fact, some memory resources have already been freed in the function rxecqfrom_init. Thus, this problem will occur.
The solution is to let rxe_cleanup do all the work.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38024.json" }- References
-
- https://git.kernel.org/stable/c/16c45ced0b3839d3eee72a86bb172bef6cf58980
- https://git.kernel.org/stable/c/336edd6b0f5b7fbffc3e065285610624f59e88df
- https://git.kernel.org/stable/c/3a3b73e135e3bd18423d0baa72571319c7feb759
- https://git.kernel.org/stable/c/52daccfc3fa68ee1902d52124921453d7a335591
- https://git.kernel.org/stable/c/7c7c80c32e00665234e373ab03fe82f5c5c2c230
- https://git.kernel.org/stable/c/ee4c5a2a38596d548566560c0c022ab797e6f71a
- https://git.kernel.org/stable/c/f81b33582f9339d2dc17c69b92040d3650bb4bae
- https://git.kernel.org/stable/c/f8f470e3a757425a8f98fb9a5991e3cf62fc7134
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38024.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38024
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8700e3e7c4857d28ebaa824509934556da0b3e76Fixed7c7c80c32e00665234e373ab03fe82f5c5c2c230Fixed3a3b73e135e3bd18423d0baa72571319c7feb759Fixedf8f470e3a757425a8f98fb9a5991e3cf62fc7134Fixed52daccfc3fa68ee1902d52124921453d7a335591Fixedee4c5a2a38596d548566560c0c022ab797e6f71aFixed336edd6b0f5b7fbffc3e065285610624f59e88dfFixed16c45ced0b3839d3eee72a86bb172bef6cf58980Fixedf81b33582f9339d2dc17c69b92040d3650bb4bae