Login Sign Up

CVE-2025-38443

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's NBD (Network Block Device) driver. When nbd_genl_connect() encounters certain errors after starting a device, it fails to properly stop the device, allowing freed memory to be accessed by recv_work threads. This affects Linux systems using NBD functionality.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable code up to the fix commit. Specific version ranges depend on distribution backports.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when NBD module is loaded and in use. Many systems don't use NBD by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential arbitrary code execution with kernel privileges leading to complete system compromise.

🟠

Likely Case

System instability, kernel panic, or denial of service causing affected NBD connections to fail.

🟢

If Mitigated

No impact if NBD functionality is disabled or the system is patched.

🌐 Internet-Facing: LOW - NBD is typically used internally or in trusted networks, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Systems using NBD for storage or virtualization could experience service disruption or potential privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific error conditions in NBD connection setup. The vulnerability was discovered through syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 002aca89753f666d878ca0eb8584c372684ac4ba and backported to stable branches

Vendor Advisory: https://git.kernel.org/stable/c/002aca89753f666d878ca0eb8584c372684ac4ba

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable NBD module

linux

Prevent loading of the NBD kernel module if not needed

echo 'blacklist nbd' > /etc/modprobe.d/blacklist-nbd.conf
rmmod nbd

Restrict NBD usage

linux

Only allow trusted users to configure NBD devices

chmod 600 /dev/nbd*
setfacl -m u:trusteduser:rw /dev/nbd*

🧯 If You Can't Patch

  • Disable NBD functionality entirely if not required
  • Monitor systems for NBD-related crashes or unusual behavior

🔍 How to Verify

Check if Vulnerable:

Check if NBD module is loaded: lsmod | grep nbd. If loaded and kernel version is before fix, system may be vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commit: uname -r and verify with distribution's security advisory.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports of use-after-free in nbd driver
  • System logs showing NBD connection failures

Network Indicators:

  • Unexpected NBD connection attempts from untrusted sources

SIEM Query:

source="kernel" AND ("nbd" OR "KASAN" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2025-38443
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.02% exploit probability (4.5th percentile)
Published: July 25, 2025
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38443, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)