-

CVE-2025-38536

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: fix potential use-after-free in airoha_npu_get()

np->name was being used after calling of_node_put(np), which
releases the node and can lead to a use-after-free bug.
Previously, of_node_put(np) was called unconditionally after
of_find_device_by_node(np), which could result in a use-after-free if
pdev is NULL.

This patch moves of_node_put(np) after the error check to ensure
the node is only released after both the error and success cases
are handled appropriately, preventing potential resource issues.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < df6bf96b41e547e350667bc4c143be53646d070d
Version 23290c7bc190def4e1ca61610992d9b7c32e33f3
Status affected
Version < 3cd582e7d0787506990ef0180405eb6224fa90a6
Version 23290c7bc190def4e1ca61610992d9b7c32e33f3
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.15
Status affected
Version < 6.15
Version 0
Status unaffected
Version <= 6.15.*
Version 6.15.8
Status unaffected
Version <= *
Version 6.16
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.057
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String