CVE-2025-38022

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's RDMA subsystem that occurs when renaming InfiniBand device names. The vulnerability allows reading freed memory, potentially leading to information disclosure or system instability. Systems using RDMA-capable hardware with affected Linux kernel versions are at risk.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires RDMA hardware and drivers to be present and configured. Vulnerability triggers during device rename operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.

🟠 Likely Case: System instability, kernel panic, or information disclosure from kernel memory.

🟢 If Mitigated: Limited impact with proper access controls and no RDMA device renaming operations.

🌐 Internet-Facing: LOW - RDMA typically requires local network access and specific hardware.
🏢 Internal Only: MEDIUM - Requires local network access to RDMA devices and ability to rename devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to rename RDMA devices, which typically requires appropriate privileges. Race condition makes timing important.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 03df57ad4b0ff9c5a93ff981aba0b42578ad1571, 10c7f1c647da3b77ef8827d974a97b6530b64df0, 17d3103325e891e10994e7aa28d12bea04dc2c60, 312dae3499106ec8cb7442ada12be080aa9fbc3b, 5629064f92f0de6d6b3572055cd35361c3ad953c

Vendor Advisory: https://git.kernel.org/stable/c/03df57ad4b0ff9c5a93ff981aba0b42578ad1571

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable RDMA device renaming (Linux)

Prevent device rename operations that trigger the vulnerability:

# Restrict device rename permissions
# Configure system to prevent unauthorized RDMA device modifications

Disable RDMA if not needed (Linux)

Remove or disable RDMA hardware/drivers if not required:

# Check RDMA status: rdma link show
# Disable RDMA modules if possible

🧯 If You Can't Patch

  • Restrict access to RDMA device management operations
  • Implement strict privilege separation for RDMA operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if RDMA is active: uname -r && rdma link show

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and test device rename operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of use-after-free in RDMA subsystem
  • System crashes during device rename operations

Network Indicators:

  • Unusual RDMA device rename activity

SIEM Query:

Search for kernel logs containing 'KASAN: slab-use-after-free' or 'ib_register_device' errors
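
The log search described above, as an added example (not part of the original advisory): a shell function that scans kernel log text for KASAN slab-use-after-free reports and keeps only those whose report body mentions `ib_register_device`. The function name `scan_kasan_uaf`, the sample log, and its addresses, offsets and `example_*` symbols are constructed for illustration.

```sh
#!/bin/sh
# Added example: print one line per KASAN slab-use-after-free report on stdin
# whose body mentions SYM (default: the symbol named in the SIEM guidance).
# Exit status: 0 if at least one report matched, 1 otherwise.
scan_kasan_uaf() {
    awk -v sym="${1:-ib_register_device}" '
        function emit() {                      # close the report being collected
            if (inrep && hit) { print header " | " access; found = 1 }
            inrep = 0; hit = 0; access = "-"
        }
        BEGIN { access = "-" }
        /BUG: KASAN: slab-use-after-free/ {    # first line of a new report
            emit(); inrep = 1
            match($0, /BUG: KASAN: /); header = substr($0, RSTART)
        }
        inrep && /==========/ { emit(); next } # closing delimiter line
        inrep && match($0, /(Read|Write) of size /) { access = substr($0, RSTART) }
        inrep && index($0, sym) { hit = 1 }    # symbol in header or call trace
        END { emit(); exit (found ? 0 : 1) }
    '
}

# Constructed sample, not a real report: one UAF report whose call trace
# includes ib_register_device, followed by one unrelated UAF report.
sample_log() {
    cat <<'EOF'
[  101.000100] ==================================================================
[  101.000101] BUG: KASAN: slab-use-after-free in example_helper+0x58/0x70
[  101.000102] Read of size 1 at addr ffff888012345678 by task example/4321
[  101.000103] Call Trace:
[  101.000104]  dump_stack_lvl+0x116/0x1f0
[  101.000105]  ib_register_device+0x8e5/0xdb0
[  101.000106] ==================================================================
[  202.000100] ==================================================================
[  202.000101] BUG: KASAN: slab-use-after-free in example_fs_read+0x10/0x20
[  202.000102] Read of size 8 at addr ffff888087654321 by task other/99
[  202.000103] Call Trace:
[  202.000104]  example_fs_read+0x10/0x20
[  202.000105] ==================================================================
EOF
}

# Live use: dmesg | scan_kasan_uaf   or   journalctl -k | scan_kasan_uaf
sample_log | scan_kasan_uaf
```

Matching on the whole report body rather than a single line avoids alerting on unrelated KASAN reports and on ordinary log lines that merely contain the symbol name.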
