CVE-2025-38175

EPSS 0.03%
Veröffentlicht 04.07.2025 10:39:56
Zuletzt bearbeitet 08.07.2025 16:18:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

binder: fix yet another UAF in binder_devices

Commit e77aff5528a18 ("binderfs: fix use-after-free in binder_devices")
addressed a use-after-free where devices could be released without first
being removed from the binder_devices list. However, there is a similar
path in binder_free_proc() that was missed:

  ==================================================================
  BUG: KASAN: slab-use-after-free in binder_remove_device+0xd4/0x100
  Write of size 8 at addr ffff0000c773b900 by task umount/467
  CPU: 12 UID: 0 PID: 467 Comm: umount Not tainted 6.15.0-rc7-00138-g57483a362741 #9 PREEMPT
  Hardware name: linux,dummy-virt (DT)
  Call trace:
   binder_remove_device+0xd4/0x100
   binderfs_evict_inode+0x230/0x2f0
   evict+0x25c/0x5dc
   iput+0x304/0x480
   dentry_unlink_inode+0x208/0x46c
   __dentry_kill+0x154/0x530
   [...]

  Allocated by task 463:
   __kmalloc_cache_noprof+0x13c/0x324
   binderfs_binder_device_create.isra.0+0x138/0xa60
   binder_ctl_ioctl+0x1ac/0x230
  [...]

  Freed by task 215:
   kfree+0x184/0x31c
   binder_proc_dec_tmpref+0x33c/0x4ac
   binder_deferred_func+0xc10/0x1108
   process_one_work+0x520/0xba4
  [...]
  ==================================================================

Call binder_remove_device() within binder_free_proc() to ensure the
device is removed from the binder_devices list before being kfreed.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 4a7694f499cae5b83412c5281bf2c961f34f2ed6

Version 12d909cac1e1c4147cc3417fee804ee12fc6b984

Status affected

Version < 72a726fb5f25fbb31d6060acfb671c1955831245

Version 12d909cac1e1c4147cc3417fee804ee12fc6b984

Status affected

Version < 9857af0fcff385c75433f2162c30c62eb912ef6d

Version 12d909cac1e1c4147cc3417fee804ee12fc6b984

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version < 6.14

Version 0

Status unaffected

Version <= 6.14.*

Version 6.14.11

Status unaffected

Version <= 6.15.*

Version 6.15.2

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/4a7694f499cae5b83412c5281bf2c961f34f2ed6

https://git.kernel.org/stable/c/72a726fb5f25fbb31d6060acfb671c1955831245

https://git.kernel.org/stable/c/9857af0fcff385c75433f2162c30c62eb912ef6d

https://nvd.nist.gov/vuln/detail/CVE-2025-38175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38175

EUVD