CVE-2025-38536

16.08.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: fix potential use-after-free in airoha_npu_get()

np->name was being used after calling of_node_put(np), which
releases the node and can lead to a use-after-free bug.
Previously, of_node_put(np) was called unconditionally after
of_find_device_by_node(np), which could result in a use-after-free if
pdev is NULL.

This patch moves of_node_put(np) after the error check to ensure
the node is only released after both the error and success cases
are handled appropriately, preventing potential resource issues.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Vendor	Product	Version
linux	linux_kernel	6.15 ≤ 𝑥 < 6.15.8
linux	linux_kernel	6.16:rc1
linux	linux_kernel	6.16:rc2
linux	linux_kernel	6.16:rc3
linux	linux_kernel	6.16:rc4
linux	linux_kernel	6.16:rc5
linux	linux_kernel	6.16:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.247-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6

https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d