CVE-2025-38212
- Source
- https://cve.org/CVERecord?id=CVE-2025-38212
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38212.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38212
- Downstream
- Related
- Published
- 2025-07-04T13:37:30.957Z
- Modified
- 2026-03-20T12:42:44.492613Z
- Summary
- ipc: fix to protect IPCS lookups using RCU
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ipc: fix to protect IPCS lookups using RCU
syzbot reported that it discovered a use-after-free vulnerability, [0]
idrforeach() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idrforeach() calls radixtreenodefree() through callrcu() to free the radixtreenode structure, the node will be freed immediately, and when reading the next node in radixtreeforeachslot(), the already freed memory may be read.
Therefore, we need to add code to make sure that idrforeach() is protected within the RCU read-critical region when we call it in shmdestroyorphaned().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38212.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/5180561afff8e0f029073c8c8117c95c6512d1f9
- https://git.kernel.org/stable/c/5f1e1573bf103303944fd7225559de5d8297539c
- https://git.kernel.org/stable/c/68c173ea138b66d7dd1fd980c9bc578a18e11884
- https://git.kernel.org/stable/c/74bc813d11c30e28fc5261dc877cca662ccfac68
- https://git.kernel.org/stable/c/78297d53d3878d43c1d627d20cd09f611fa4b91d
- https://git.kernel.org/stable/c/b0b6bf90ce2699a574b3683e22c44d0dcdd7a057
- https://git.kernel.org/stable/c/b968ba8bfd9f90914957bbbd815413bf6a98eca7
- https://git.kernel.org/stable/c/d66adabe91803ef34a8b90613c81267b5ded1472
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38212.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38212
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb34a6b1da371ed8af1221459a18c67970f7e3d53Fixed5f1e1573bf103303944fd7225559de5d8297539cFixedb968ba8bfd9f90914957bbbd815413bf6a98eca7Fixed74bc813d11c30e28fc5261dc877cca662ccfac68Fixed78297d53d3878d43c1d627d20cd09f611fa4b91dFixed5180561afff8e0f029073c8c8117c95c6512d1f9Fixed68c173ea138b66d7dd1fd980c9bc578a18e11884Fixedb0b6bf90ce2699a574b3683e22c44d0dcdd7a057Fixedd66adabe91803ef34a8b90613c81267b5ded1472