CVE-2025-38137
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's PCI power control subsystem allows attackers to potentially crash the system or execute arbitrary code with kernel privileges. This affects Linux systems with PCI power control drivers that can be unloaded while rescan work is pending. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or arbitrary code execution with kernel privileges, potentially resulting in complete system compromise.
Likely Case
System crash or kernel panic causing denial of service, requiring system reboot to recover.
If Mitigated
Limited impact due to requirement for local access and specific driver conditions; properly segmented systems would contain damage.
🎯 Exploit Status
Requires local access and ability to manipulate PCI rescan timing while driver unload occurs. Exploitation requires specific timing conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 8b926f237743f020518162c62b93cb7107a2b5eb and b3ad6d23fec23fbef382ce9ea640c37446593cf5
Vendor Advisory: https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check kernel commit history for inclusion of fix commits. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Prevent PCI driver unloading
linuxConfigure system to prevent unloading of PCI power control drivers while system is operational
echo 'blacklist pwrctrl_driver_name' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems with PCI power control drivers
- Implement strict privilege separation and limit users who can load/unload kernel modules
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it includes the fix commits: uname -r and examine kernel source/git historyCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and includes commits 8b926f237743f020518162c62b93cb7107a2b5eb and b3ad6d23fec23fbef382ce9ea640c37446593cf5📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- PCI subsystem errors in dmesg
- Use-after-free kernel oops
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND ("panic" OR "oops" OR "use-after-free") AND "pci" AND "pwrctrl"