CVE-2025-38536 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-38536 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL. This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.

EPSS 0.02% · 5.5th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.02%

5.5th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	23290c7bc190def4e1ca61610992d9b7c32e33f3, 23290c7bc190def4e1ca61610992d9b7c32e33f3, 6.15
linux	linux_kernel	6.15, 6.15, 6.15

Timeline

Aug 16, 2025 EPSS Score
Aug 16, 2025 CVE Published
Aug 24, 2025 EPSS Score
Aug 31, 2025 EPSS Score
Sep 8, 2025 EPSS Score
Sep 15, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 8, 2025 EPSS Score
Oct 12, 2025 PoC Published
Oct 16, 2025 EPSS Score
Oct 24, 2025 EPSS Score

References

Open in Interactive Console →