#VU112180 Use-after-free in Linux kernel - CVE-2025-38109


Vulnerability identifier: #VU112180

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38109

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/24db585d369f949f698e03d7d8017e5ae19d0497
https://git.kernel.org/stable/c/5953ae44dfe5dbad374318875be834c3b7b71ee6
https://git.kernel.org/stable/c/687560d8a9a2d654829ad0da1ec24242f1de711d
https://git.kernel.org/stable/c/da15ca0553325acf68039015f2f4db750c8e2b96

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Anolis OS update for kernel:6.6
Ubuntu update for linux-raspi
Ubuntu update for linux-oracle-6.14
SUSE update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)
SUSE update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)
SUSE update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)