VDB
CVE-2025-38536
CVE-2025-38536
PUBLISHED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL. This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.
EPSS 0.03% · 8.7th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.03%
8.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 23290c7bc190def4e1ca61610992d9b7c32e33f3, 23290c7bc190def4e1ca61610992d9b7c32e33f3, 6.15 |
| linux | linux_kernel | 6.16, 6.15, 6.16 |
Exploit Intelligence
- https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d (circl)
- https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6 (circl)
- TestCaseRule-CVE-2025-38499.yara (github-yara)
- TestCaseRule-CVE-2025-38499.yara (github-yara)
- TestCaseRule-CVE-2025-38499.yara (github-yara)
- TestCaseRule-CVE-2025-38499.yara (github-yara)
- TestCaseRule-CVE-2025-38499.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
…and 7 more exploits
Timeline
- Aug 16, 2025 EPSS Score
- Aug 16, 2025 CVE Published
- Aug 24, 2025 EPSS Score
- Sep 1, 2025 EPSS Score
- Sep 10, 2025 EPSS Score
- Sep 18, 2025 EPSS Score
- Sep 26, 2025 EPSS Score
- Oct 4, 2025 EPSS Score
- Oct 12, 2025 EPSS Score
- Oct 12, 2025 PoC Published
- Oct 20, 2025 EPSS Score
- Oct 29, 2025 EPSS Score