#VU113242 Use-after-free in Linux kernel - CVE-2025-38445


Vulnerability identifier: #VU113242

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38445

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/12b00ec99624f8da8c325f2dd6e807df26df0025
https://git.kernel.org/stable/c/48da050b4f54ed639b66278d0ae6f4107b2c4e2d
https://git.kernel.org/stable/c/5f35e48b76655e45522df338876dfef88dafcc71
https://git.kernel.org/stable/c/61fd5e93006cf82ec8ee5c115ab5cf4bbd104bdb
https://git.kernel.org/stable/c/776e6186dc9ecbdb8a1b706e989166c8a99bbf64
https://git.kernel.org/stable/c/d67ed2ccd2d1dcfda9292c0ea8697a9d0f2f0d98
https://git.kernel.org/stable/c/d8a6853d00fbaa810765c8ed2f452a5832273968
https://git.kernel.org/stable/c/df5894014a92ff0196dbc212a7764e97366fd2b7

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for linux-azure
Ubuntu update for linux-gcp-6.14
Ubuntu update for linux-aws-6.14
Ubuntu update for linux
Ubuntu update for linux-realtime-6.14
Ubuntu update for linux-oem-6.14
Anolis OS update for kernel:6.6
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel