CVE-2025-38536
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: airoha: fix potential use-after-free in airoha_npu_get()
np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL.
This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 23290c7bc190def4e1ca61610992d9b7c32e33f3 < df6bf96b41e547e350667bc4c143be53646d070d | affected |
| Linux | Linux | 23290c7bc190def4e1ca61610992d9b7c32e33f3 < 3cd582e7d0787506990ef0180405eb6224fa90a6 | affected |
| Linux | Linux | 6.15 | affected |
| Linux | Linux | 0 < 6.15 | unaffected |
| Linux | Linux | 6.15.8 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d
- https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.