CVE-2025-38577 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-38577?

CVE-2025-38577 has a CVSS score of 5.5 (MEDIUM). A use-after-free vulnerability in the Linux kernel's F2FS filesystem can cause kernel panic when evicting inodes. This affects systems using F2FS filesystem and could lead to denial of service or potential privilege escalation. The vulnerability is triggered during filesystem operations like unmounting or inode cleanup.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's F2FS filesystem can cause kernel panic when evicting inodes. This affects systems using F2FS filesystem and could lead to denial of service or potential privilege escalation. The vulnerability is triggered during filesystem operations like unmounting or inode cleanup.

💻 Affected Systems

Products:

Linux kernel with F2FS support

Versions: Linux kernel versions before fixes (specific commits listed in references)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using F2FS filesystem. Systems not using F2FS are not vulnerable.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential privilege escalation if combined with other vulnerabilities, or data corruption on F2FS filesystems.

🟠

Likely Case

System crash or kernel panic when performing filesystem operations on F2FS, resulting in denial of service.

🟢

If Mitigated

Minor performance impact during filesystem operations with proper kernel hardening and isolation.

🌐 Internet-Facing: LOW - Requires local filesystem access, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local users or processes with filesystem access can trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger specific F2FS operations. The vulnerability was discovered through syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits: 15df59809c54fbd687cdf27efbd2103a937459be, 42f9ea16aea8b49febaa87950a006a1792209f38, 4732ca17c17f5062426cfa982f43593e6b81963b, 5cd99d5aa3d39086bdb53eb5c52df16e98b101a0, 880ef748e78a1eb7df2d8e11a9ef21e98bcaabe5

Vendor Advisory: https://git.kernel.org/stable/c/15df59809c54fbd687cdf27efbd2103a937459be

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable F2FS filesystem

all

Avoid using F2FS filesystem until patched

# Check if F2FS is in use: mount | grep f2fs
# If found, consider migrating to ext4 or other filesystems

Restrict user access to F2FS mounts

all

Limit which users can access F2FS filesystems

# Use mount options: mount -o nosuid,nodev,noexec /dev/sdX /mnt/f2fs
# Set appropriate permissions on mount points

🧯 If You Can't Patch

Implement strict access controls on F2FS filesystems
Monitor system logs for kernel panic or F2FS-related errors
Consider migrating critical data off F2FS filesystems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if F2FS is in use: uname -r && mount | grep f2fs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: grep -r '15df59809c54fbd687cdf27efbd2103a937459be' /usr/src/linux/

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
KASAN use-after-free reports
F2FS error messages in dmesg
System crash/reboot logs

Network Indicators:

None - local vulnerability

SIEM Query:

source="kernel" AND ("KASAN: use-after-free" OR "f2fs_evict_inode" OR "panic" OR "BUG:")

📊 Metadata

CVE ID: CVE-2025-38577

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-416

EPSS Score: 0.01% exploit probability (2.3th percentile)

Published: August 19, 2025

Last Updated: January 9, 2026

🔗 References

https://git.kernel.org/stable/c/15df59809c54fbd687cdf27efbd2103a937459be Patch
https://git.kernel.org/stable/c/42f9ea16aea8b49febaa87950a006a1792209f38 Patch
https://git.kernel.org/stable/c/4732ca17c17f5062426cfa982f43593e6b81963b Patch
https://git.kernel.org/stable/c/5cd99d5aa3d39086bdb53eb5c52df16e98b101a0 Patch
https://git.kernel.org/stable/c/880ef748e78a1eb7df2d8e11a9ef21e98bcaabe5 Patch
https://git.kernel.org/stable/c/9535e440fe5bc6c5ac7cfb407e53bf788b8bf8d4 Patch
https://git.kernel.org/stable/c/97df495d754116c8c28ac6a4112f831727bde887 Patch
https://git.kernel.org/stable/c/9bbfe83924946552c4c513099c0e8c83af76311a Patch
https://git.kernel.org/stable/c/a509a55f8eecc8970b3980c6f06886bbff0e2f68 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38577, you might also want to check these: