CVE-2025-38087

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix use-after-free in taprio_dev_notifier

Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free.

Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < 8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69caffected
LinuxLinuxfed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < 8a008c89e5e5c5332e4c0a33d707db9ddd529f8aaffected
LinuxLinuxfed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < b1547d28ba468bc3b88764efd13e4319bab63be8affected
LinuxLinuxfed87cc6718ad5f80aa739fee3c5979a8b09d3a6 < b160766e26d4e2e2d6fe2294e0b02f92baefcec5affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.6.95 <= 6.6.*unaffected
LinuxLinux6.12.35 <= 6.12.*unaffected
LinuxLinux6.15.4 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References