SB2025072719 - Use-after-free in Linux kernel acpi acpica driver
Published: July 27, 2025
Security Bulletin ID
SB2025072719
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/18ff4ed6a33a7e3f2097710eacc96bea7696e803
- https://git.kernel.org/stable/c/2219e49857ffd6aea1b1ca5214d3270f84623a16
- https://git.kernel.org/stable/c/4305d936abde795c2ef6ba916de8f00a50f64d2d
- https://git.kernel.org/stable/c/6fcab2791543924d438e7fa49276d0998b0a069f
- https://git.kernel.org/stable/c/ab1e8491c19eb2ea0fda81ef28e841c7cb6399f5
- https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1
- https://git.kernel.org/stable/c/c9e4da550ae196132b990bd77ed3d8f2d9747f87
- https://git.kernel.org/stable/c/d547779e72cea9865b732cd45393c4cd02b3598e