CVE-2025-38236

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's AF_UNIX socket implementation allows a local attacker to potentially execute arbitrary code or crash the system. The bug is triggered when consecutive out-of-band (OOB) data packets are handled, leading to memory corruption. It affects all Linux systems using AF_UNIX sockets on an unpatched kernel.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions built before the fix commits were applied (exact versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AF_UNIX socket usage with OOB data handling. The vulnerability is in the kernel itself, not dependent on specific applications.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, arbitrary code execution, or complete system crash leading to denial of service.

🟠 Likely Case

Kernel panic or system crash causing denial of service, potentially allowing information disclosure through memory corruption.

🟢 If Mitigated

Limited impact if proper kernel hardening and memory protection mechanisms are enabled, though crashes may still occur.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Local users or processes could exploit this to escalate privileges or crash systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The Python reproduction script in the CVE description demonstrates the issue. Exploitation requires local access and knowledge of socket programming.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel builds that include the fix commits:
  • 32ca245464e1479bfea8592b9db227fdc1641705
  • 523edfed4f68b7794d85b9ac828c5f8f4442e4c5
  • 61a9ad7b69ce688697e5f63332f03e17725353bc
  • 8db4d2d026e6e3649832bfe23b96c4acff0756db
  • a12237865b48a73183df252029ff5065d73d305e

Vendor Advisory: https://git.kernel.org/stable/c/32ca245464e1479bfea8592b9db227fdc1641705

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after the reboot.

🔧 Temporary Workarounds

Disable AF_UNIX sockets (not recommended)

Remove or disable AF_UNIX socket functionality. This breaks many system services and applications.

🧯 If You Can't Patch

  • Restrict local user access to minimize attack surface
  • Implement strict process isolation and privilege separation

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version and compare it with the patched versions published by your distribution. The system is vulnerable if it runs an unpatched kernel with AF_UNIX support.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version after the update matches the patched version from your vendor. Test with the reproduction script from the CVE description.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of use-after-free in unix_stream_read_actor
  • System crash/reboot events

Network Indicators:

  • Local socket activity with OOB data patterns

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "unix_stream_read_actor")
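As an added example (not part of this advisory and not kernel project code), a small log scanner that applies the indicators above to dmesg-style lines, joining the two-line KASAN report (header plus access line) into one alert and flagging reports in unix_stream_read_actor. The KASAN line shapes are those the kernel prints; the sample log lines themselves are constructed.

```python
"""Scan kernel log lines for the indicators listed in this advisory:
KASAN use-after-free reports in unix_stream_read_actor and kernel panics.
Added example, not advisory or kernel project code. The log lines below
are constructed to resemble dmesg/KASAN output; they are not real captures."""
import re
from typing import Iterable, Optional

TARGET_FUNC = "unix_stream_read_actor"  # function named in the advisory's log indicators

# KASAN header line, e.g. "BUG: KASAN: slab-use-after-free in func+0x2f/0x50"
KASAN_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Access line that follows the header, e.g. "Read of size 4 at addr ffff... by task foo/4242"
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<task>[^/\s]+)/(?P<pid>\d+)")
PANIC_RE = re.compile(r"Kernel panic - not syncing: (?P<reason>.*)")


def scan(lines: Iterable[str]) -> list[dict]:
    """Return one alert per KASAN report or kernel panic, joining the
    multi-line KASAN report (header + access line) into a single event."""
    alerts: list[dict] = []
    pending: Optional[dict] = None  # KASAN header still waiting for its access line
    for line in lines:
        if m := KASAN_RE.search(line):
            uaf_in_target = "use-after-free" in m["bug"] and m["func"] == TARGET_FUNC
            pending = {"kind": "kasan", "bug": m["bug"], "func": m["func"],
                       "matches_advisory": uaf_in_target,
                       "severity": "high" if uaf_in_target else "medium"}
            alerts.append(pending)
        elif (m := ACCESS_RE.search(line)) and pending is not None:
            pending.update(op=m["op"], size=int(m["size"]), addr=m["addr"],
                           task=m["task"], pid=int(m["pid"]))
            pending = None  # report complete; later lines are stack-trace noise
        elif m := PANIC_RE.search(line):
            alerts.append({"kind": "panic", "reason": m["reason"].strip(), "severity": "high"})
    return alerts


# Constructed sample log (not a real capture): one matching KASAN report,
# one unrelated KASAN report, and a panic line.
SAMPLE_LOG = [
    "[  120.113241] ==================================================================",
    "[  120.113256] BUG: KASAN: slab-use-after-free in unix_stream_read_actor+0x2f/0x50",
    "[  120.113266] Read of size 4 at addr ffff888012345678 by task oob-reader/4242",
    "[  120.113270] CPU: 1 PID: 4242 Comm: oob-reader Not tainted 6.0.0-constructed #1",
    "[  300.000001] BUG: KASAN: slab-out-of-bounds in some_other_func+0x10/0x80",
    "[  300.000010] Write of size 8 at addr ffff888098765432 by task cc1/777",
    "[  900.500000] Kernel panic - not syncing: Fatal exception",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Feed it `dmesg` or `journalctl -k` output line by line; only the first alert above satisfies the advisory's specific indicator, the other KASAN report is kept at medium severity for triage.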
