CVE-2025-38137

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) forcing rescan_work_func() to take a long time and (b) utilizing a pwrctrl driver that may be unloaded for some reason Cancel outstanding work to ensure it is finished before we allow our data structures to be cleaned up. [bhelgaas: tidy commit log]

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb	Patch
https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:-::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc7::::::

History

20 Nov 2025, 20:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel:6.11:-:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc7::::::
References	~~() https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb -~~	() https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb - Patch
References	~~() https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5 -~~	() https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5 - Patch
First Time		Linux linux Kernel Linux

Information

Published : 2025-07-03 09:15

Updated : 2025-11-20 20:11

NVD link : CVE-2025-38137

Mitre link : CVE-2025-38137

CVE.ORG link : CVE-2025-38137

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2025-38137", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-03T09:15:28.240", "references": [{"url": "https://git.kernel.org/stable/c/8b926f237743f020518162c62b93cb7107a2b5eb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b3ad6d23fec23fbef382ce9ea640c37446593cf5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt's possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/pwrctrl: Cancelar el trabajo de reescaneo pendiente al anular el registro Es posible activar el use-after-free aqu\u00ed: (a) forzando a rescan_work_func() a tomar mucho tiempo y (b) utilizando un controlador pwrctrl que puede estar descargado por alguna raz\u00f3n Cancelar el trabajo pendiente para asegurar que est\u00e9 terminado antes de que permitamos que se limpien nuestras estructuras de datos. [bhelgaas: tidy commit log]"}], "lastModified": "2025-11-20T20:11:34.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58C8CF80-7D33-4840-AC37-5D7E19FFE98E", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.11.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4770BA57-3F3F-493B-8608-EC3B25254949"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}