7.8

CVE-2025-38087

net/sched: fix use-after-free in taprio_dev_notifier

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix use-after-free in taprio_dev_notifier

Since taprio’s taprio_dev_notifier() isn’t protected by an
RCU read-side critical section, a race with advance_sched()
can lead to a use-after-free.

Adding rcu_read_lock() inside taprio_dev_notifier() prevents this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.3 < 6.6.95
LinuxLinux Kernel Version >= 6.7 < 6.12.35
LinuxLinux Kernel Version >= 6.13 < 6.15.4
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.04
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/8c5713ce1ced75f9e9ed5c642ea3d2ba06ead69c
Patch
https://git.kernel.org/stable/c/8a008c89e5e5c5332e4c0a33d707db9ddd529f8a
Patch
https://git.kernel.org/stable/c/b1547d28ba468bc3b88764efd13e4319bab63be8
Patch
https://git.kernel.org/stable/c/b160766e26d4e2e2d6fe2294e0b02f92baefcec5
Patch