Login Sign Up

CVE-2025-38342

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's software node subsystem. The flaw occurs in software_node_get_reference_args() where improper bounds checking could allow reading beyond allocated memory boundaries. This affects all Linux systems using the vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description; check git commits for exact ranges.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires software node functionality to be used; impact depends on specific kernel configuration and modules loaded.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to information leakage, potential privilege escalation, or system crash/instability.

🟠

Likely Case

Information disclosure of kernel memory contents, potentially exposing sensitive data or causing system instability.

🟢

If Mitigated

Limited impact with proper kernel hardening and memory protection mechanisms in place.

🌐 Internet-Facing: LOW - Requires local access or specific kernel module interaction.
🏢 Internal Only: MEDIUM - Local attackers could exploit this to gain information or cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific conditions; no public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific git commits for patched kernel versions

Vendor Advisory: https://git.kernel.org/stable/c/142acd739eb6f08c148a96ae8309256f1422ff4b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official sources. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable software node functionality

linux

Remove or disable software node kernel modules if not required

modprobe -r software_node_module_name

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Enable kernel hardening features like KASLR and memory protection

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions in git commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version and check for presence of fix in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crash logs
  • Unexpected kernel module behavior

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic or oops events in system logs

📊 Metadata

CVE ID: CVE-2025-38342
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
EPSS Score: 0.02% exploit probability (4th percentile)
Published: July 10, 2025
Last Updated: December 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38342, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)