In xfrmi_changelink of xfrm_interface_core.c, there is a possible use after free due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"severity": "Moderate",
"types": [
"EoP"
],
"spl": "2025-12-05",
"fixes": [
"https://android.googlesource.com/kernel/common/+/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4",
"https://android.googlesource.com/kernel/common/+/bfebdb85496e1da21d3cf05de099210915c3e706"
],
"vanir_signatures": [
{
"deprecated": false,
"id": "ASB-A-436201996-49563ff2",
"digest": {
"function_hash": "101386572577774279141785367962780376593",
"length": 682.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bfebdb85496e1da21d3cf05de099210915c3e706",
"target": {
"function": "xfrmi_changelink",
"file": "net/xfrm/xfrm_interface_core.c"
},
"signature_version": "v1"
},
{
"deprecated": false,
"id": "ASB-A-436201996-e2d81beb",
"digest": {
"function_hash": "101386572577774279141785367962780376593",
"length": 682.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4",
"target": {
"function": "xfrmi_changelink",
"file": "net/xfrm/xfrm_interface_core.c"
},
"signature_version": "v1"
},
{
"deprecated": false,
"id": "ASB-A-436201996-ec7299b2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251665910003892771853812828010632021349",
"218567249839053365318169661685465520025",
"28715266386234775550874733668135609724",
"9052779957901998673224515260051326068",
"66360540548241684469203684994685099719",
"56096645851349090778449293958584703143",
"174180228856989362291459673884566681692",
"8486616004530612224040872841152961603",
"287301522705319283045177362682993059724",
"259636837053541055601193816975929404724",
"319990410815632196029352401505637333036",
"307442544394176117815473839175305384137"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/a8d4748b954584ab7bd800f1a4e46d5b0eeb5ce4",
"target": {
"file": "net/xfrm/xfrm_interface_core.c"
},
"signature_version": "v1"
},
{
"deprecated": false,
"id": "ASB-A-436201996-f6a7dc78",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251665910003892771853812828010632021349",
"218567249839053365318169661685465520025",
"28715266386234775550874733668135609724",
"9052779957901998673224515260051326068",
"66360540548241684469203684994685099719",
"56096645851349090778449293958584703143",
"174180228856989362291459673884566681692",
"8486616004530612224040872841152961603",
"287301522705319283045177362682993059724",
"259636837053541055601193816975929404724",
"319990410815632196029352401505637333036",
"307442544394176117815473839175305384137"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/bfebdb85496e1da21d3cf05de099210915c3e706",
"target": {
"file": "net/xfrm/xfrm_interface_core.c"
},
"signature_version": "v1"
}
]
}