CVE-2025-38211

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's RDMA/iwcm subsystem where work objects allocated for connection management IDs (cm_id) can be accessed after being freed during destruction. This can lead to kernel memory corruption, crashes, or potential privilege escalation. It affects systems using RDMA (Remote Direct Memory Access) with the iw_cm module, particularly those running vulnerable Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions are not listed in the description; the references point to fixes in the stable kernel trees, so the affected range likely runs from the kernel that introduced commit 59c68ac31e15 up to the fix commits.
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the RDMA subsystem and iw_cm module are loaded and in use (e.g., with NVMe over RDMA, InfiniBand, or RoCE).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel mode allowing full system compromise.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting RDMA-dependent applications like NVMe over RDMA.

🟢

If Mitigated

No impact if the vulnerable subsystem is not in use or the system is patched.

🌐 Internet-Facing: LOW - RDMA is typically used in internal high-performance computing clusters, not directly internet-facing.
🏢 Internal Only: MEDIUM - Affects internal systems using RDMA for storage or high-performance networking; exploitation requires local access or ability to trigger RDMA operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires triggering specific RDMA connection management events to cause the use-after-free condition.

Exploitation likely requires local access or the ability to initiate RDMA connections; the BUG report shows the issue is reproducible with the blktests nvme/061 test using the rdma transport and the siw driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable commits: 013dcdf6f03bcedbaf1669e3db71c34a197715b2, 23a707bbcbea468eedb398832eeb7e8e0ceafd21, 3b4a50d733acad6831f6bd9288a76a80f70650ac, 6883b680e703c6b2efddb4e7a8d891ce1803d06b, 764c9f69beabef8bdc651a7746c59f7a340d104f

Vendor Advisory: https://git.kernel.org/stable/c/013dcdf6f03bcedbaf1669e3db71c34a197715b2

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the fix by checking the kernel version and ensuring RDMA functionality works without crashes.

🔧 Temporary Workarounds

Disable RDMA iw_cm module

Prevent loading of the vulnerable iw_cm kernel module if RDMA is not required. Run the commands as root; update-initramfs -u is the Debian/Ubuntu command, on dracut-based distributions use dracut -f instead. Note that a blacklist entry only stops automatic loading by alias: if another RDMA module (for example rdma_cm) depends on iw_cm it will still be pulled in, so an "install iw_cm /bin/false" line in the same file is the stricter option.

  echo 'blacklist iw_cm' >> /etc/modprobe.d/blacklist-iw_cm.conf
  update-initramfs -u
  reboot

Unload iw_cm module

Temporarily unload the module if it is currently loaded. This breaks RDMA functionality until the module is loaded again, and rmmod refuses if the module is still in use (non-zero "Used by" count in lsmod), in which case the dependent modules have to be unloaded first.

  rmmod iw_cm

🧯 If You Can't Patch

  • Restrict access to systems using RDMA to trusted users only.
  • Monitor system logs for kernel panics or KASAN reports related to iw_cm or RDMA.

🔍 How to Verify

Check if Vulnerable:

Check whether the iw_cm module is loaded: lsmod | grep iw_cm. If it is loaded and the running kernel version is vulnerable, the system is at risk (on kernels with the iWARP CM compiled in rather than built as a module, lsmod will not list it; check your distribution's kernel configuration instead).

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes one of the fix commits: run uname -r and compare the version against your distribution's patch notes. Then exercise RDMA functionality (for example, run blktests nvme/061) to confirm there are no crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports mentioning iw_cm, __pwq_activate_work, or use-after-free
  • System crashes during RDMA operations

Network Indicators:

  • Unexpected failures in RDMA connections or NVMe over RDMA traffic

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "iw_cm" OR "BUG")
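As an added example that is not part of this advisory or of the kernel project, the following POSIX shell script turns the log indicators above into a narrower check than the SIEM query: it counts only KASAN reports whose body names iw_cm or __pwq_activate_work, and it classifies the lsmod state of iw_cm, which also shows in advance whether the rmmod workaround above can succeed. The log lines and lsmod excerpt embedded below are constructed samples, and the iw_cm_wq workqueue name in the sample is assumed.

```shell
#!/bin/sh
# Added triage helper for CVE-2025-38211 (example code, not from the advisory
# or the kernel tree). Sample inputs below are constructed.

# Reads a kernel log on stdin and prints how many KASAN reports name iw_cm,
# iwcm or __pwq_activate_work. A KASAN report for an unrelated subsystem is
# not counted, which makes this narrower than a plain "KASAN" search.
count_iwcm_kasan_reports() {
    awk '
        /BUG: KASAN:/ { in_report = 1; hit = 0 }
        in_report && /iw_cm|iwcm|__pwq_activate_work/ { hit = 1 }
        in_report && /======/ { if (hit) n++; in_report = 0 }
        END { if (in_report && hit) n++; print n + 0 }
    '
}

# Reads lsmod output on stdin and prints "absent", "loaded" or
# "loaded-in-use". A non-zero "Used by" count means rmmod iw_cm will be
# refused until the dependent modules are unloaded first.
iwcm_module_state() {
    awk '
        $1 == "iw_cm" { found = 1; users = $3 }
        END { if (!found) print "absent"; else if (users > 0) print "loaded-in-use"; else print "loaded" }
    '
}

# Constructed sample: one iwcm-related KASAN report, one unrelated report,
# and an informational line that mentions iw_cm outside any report.
SAMPLE_LOG='[   42.100] ==================================================================
[   42.101] BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1f/0x90
[   42.102] Read of size 8 at addr ffff888100a1c0d8 by task kworker/u8:1/77
[   42.103] Workqueue: iw_cm_wq (workqueue name assumed for this sample)
[   42.104] ==================================================================
[   99.000] BUG: KASAN: slab-use-after-free in other_driver_fn+0x10/0x40
[   99.001] ==================================================================
[  100.000] iw_cm: informational line, not a report'

# Constructed lsmod excerpt (sizes are placeholders).
SAMPLE_LSMOD='Module                  Size  Used by
rdma_cm               139264  1 rdma_ucm
iw_cm                  53248  1 rdma_cm'

printf '%s\n' "$SAMPLE_LOG" | count_iwcm_kasan_reports    # prints 1
printf '%s\n' "$SAMPLE_LSMOD" | iwcm_module_state         # prints loaded-in-use
lsmod 2>/dev/null | iwcm_module_state                     # state on the live host
```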
