CVE-2025-38490 – A double-free vulnerability in the Linux kernel... (How to Fix)

Q: What is the severity of CVE-2025-38490?

CVE-2025-38490 has a CVSS score of 7.8 (HIGH). A double-free vulnerability in the Linux kernel's libwx networking module causes kernel panic when page_pool_put_full_page() is called redundantly during Rx buffer handling. This affects systems running vulnerable Linux kernel versions with the libwx module loaded, potentially leading to denial of service.

📋 TL;DR

A double-free vulnerability in the Linux kernel's libwx networking module causes kernel panic when page_pool_put_full_page() is called redundantly during Rx buffer handling. This affects systems running vulnerable Linux kernel versions with the libwx module loaded, potentially leading to denial of service.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable versions not explicitly stated, but patches available for stable branches (see references).

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the libwx module to be loaded and active network traffic that triggers the specific code path.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or instability when network traffic triggers the vulnerable code path, resulting in downtime.

🟢

If Mitigated

Minimal impact if the libwx module is not loaded or the vulnerable code path is not triggered.

🌐 Internet-Facing: MEDIUM - Requires network traffic to trigger, but exploitation could cause service disruption.

🏢 Internal Only: MEDIUM - Internal network traffic could also trigger the vulnerability, affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending network traffic that triggers the vulnerable code path, but no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches (see references for specific commits).

Vendor Advisory: https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130

Restart Required: Yes

Instructions:

1. Update Linux kernel to a patched version. 2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Unload libwx module

linux

Prevent the vulnerability by unloading the affected kernel module.

sudo rmmod libwx

🧯 If You Can't Patch

Ensure the libwx module is not loaded by blacklisting it in modprobe configuration.
Monitor system logs for kernel panic indicators and implement redundancy for critical systems.

🔍 How to Verify

Check if Vulnerable:

Check if the libwx module is loaded: lsmod | grep libwx

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to a patched version and libwx module is either updated or not loaded.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages, list_del corruption warnings, or page_pool related errors in dmesg or system logs.

Network Indicators:

Unusual network traffic patterns that may trigger the vulnerability, though specific signatures are not defined.

SIEM Query:

source="kernel" AND ("list_del corruption" OR "page_pool_put_full_page" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2025-38490

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.02% exploit probability (3th percentile)

Published: July 28, 2025

Last Updated: November 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38490, you might also want to check these: