#VU114799 Use-after-free in Linux kernel - CVE-2025-38724
Published: September 4, 2025
Vulnerability identifier: #VU114799
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38724
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/22f45cedf281e6171817c8a3432c44d788c550e1
- https://git.kernel.org/stable/c/36e83eda90e0e4ac52f259f775b40b2841f8a0a3
- https://git.kernel.org/stable/c/3f252a73e81aa01660cb426735eab932e6182e8d
- https://git.kernel.org/stable/c/571a5e46c71490285d2d8c06f6b5a7cbf6c7edd1
- https://git.kernel.org/stable/c/74ad36ed60df561a303a19ecef400c7096b20306
- https://git.kernel.org/stable/c/908e4ead7f757504d8b345452730636e298cbf68
- https://git.kernel.org/stable/c/d35ac850410966010e92f401f4e21868a9ea4d8b
- https://git.kernel.org/stable/c/d71abd1ae4e0413707cd42b10c24a11d1aa71772
- https://git.kernel.org/stable/c/f3aac6cf390d8b80e1d82975faf4ac61175519c0