CVE-2025-38087

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38087
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38087.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38087
Published
2025-06-30T07:29:43Z
Modified
2025-10-18T02:24:27.863825Z
Summary
net/sched: fix use-after-free in taprio_dev_notifier
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix use-after-free in taprio_dev_notifier

Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free.

Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
  Fixed: 8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
  Fixed: 8a008c89e5e5c5332e4c0a33d707db9ddd529f8a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
  Fixed: b1547d28ba468bc3b88764efd13e4319bab63be8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: fed87cc6718ad5f80aa739fee3c5979a8b09d3a6
  Fixed: b160766e26d4e2e2d6fe2294e0b02f92baefcec5

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.16-rc1
v6.2
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 6.3.0
  Fixed: 6.6.95

Type: ECOSYSTEM
Events:
  Introduced: 6.7.0
  Fixed: 6.12.35

Type: ECOSYSTEM
Events:
  Introduced: 6.13.0
  Fixed: 6.15.4