CVE-2025-38536
- Source
- https://cve.org/CVERecord?id=CVE-2025-38536
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38536.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38536
- Downstream
- Published
- 2025-08-16T11:12:28.627Z
- Modified
- 2026-04-02T12:48:01.068479Z
- Summary
- net: airoha: fix potential use-after-free in airoha_npu_get()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: airoha: fix potential use-after-free in airohanpuget()
np->name was being used after calling ofnodeput(np), which releases the node and can lead to a use-after-free bug. Previously, ofnodeput(np) was called unconditionally after offinddevicebynode(np), which could result in a use-after-free if pdev is NULL.
This patch moves ofnodeput(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38536.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6
- https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38536.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38536
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git