Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2025-38003 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU110680
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38003
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker needs valid credentials and must successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.