CVE-2025-38078
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's PCM OSS audio subsystem. The vulnerability allows concurrent access to freed memory during audio stream initialization, potentially leading to system crashes or kernel memory corruption. It affects Linux systems using the OSS audio interface.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential local privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, audio subsystem crashes, or denial of service affecting audio functionality.
If Mitigated
Minor performance impact or no effect if OSS audio is not used.
🎯 Exploit Status
Exploitation requires triggering the race condition during audio stream initialization with OSS interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 10217da9644ae75cea7330f902c35fc5ba78bbbf, 74d90875f3d43f3eff0e9861c4701418795d3455, 8170d8ec4efd0be352c14cb61f374e30fb0c2a25, 93a81ca0657758b607c3f4ba889ae806be9beb73, afa56c960fcb4db37f2e3399f28e9402e4e1f470
Vendor Advisory: https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable OSS audio interface
linuxPrevent use of vulnerable OSS audio subsystem by disabling or blacklisting it.
echo 'blacklist snd-pcm-oss' >> /etc/modprobe.d/blacklist-oss.conf
rmmod snd-pcm-oss
🧯 If You Can't Patch
- Restrict local user access to systems where OSS audio is required.
- Monitor system logs for kernel panics or audio subsystem crashes.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if OSS modules are loaded: 'lsmod | grep snd-pcm-oss' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and OSS module is not loaded or system is stable during audio operations.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Audio subsystem crashes in dmesg
- Use-after-free warnings in kernel logs
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND "snd"🔗 References
- https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf
- https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455
- https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25
- https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73
- https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470
- https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4
- https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f
- https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
