CVE-2025-38022

UNKNOWN 0.0

RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 strlen+0x93/0xa0 lib/string.c:420 __fortify_strlen include/linux/fortify-string.h:268 [inline] get_kobj_path_length lib/kobject.c:118 [inline] kobject_get_path+0x3f/0x2a0 lib/kobject.c:158 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545 ib_register_device drivers/infiniband/core/device.c:1472 [inline] ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393 rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552 rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225 nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796 rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620 __sys_sendmsg+0x16d/0x220 net/socket.c:2652 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f This problem is similar to the problem that the commit 1d6a9e7449e2 ("RDMA/core: Fix use-after-free when rename device name") fixes. The root cause is: the function ib_device_rename() renames the name with lock. But in the function kobject_uevent(), this name is accessed without lock protection at the same time. The solution is to add the lock protection when this name is accessed in the function kobject_uevent().

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 18, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

53e9a5a692f839780084ad81dbd461ec917f74f7 < ba467b6870ea2a73590478d9612d6ea1dcdd68b7 779e0bf47632c609c59f527f9711ecd3214dccb0 < 5629064f92f0de6d6b3572055cd35361c3ad953c 779e0bf47632c609c59f527f9711ecd3214dccb0 < 312dae3499106ec8cb7442ada12be080aa9fbc3b 779e0bf47632c609c59f527f9711ecd3214dccb0 < 17d3103325e891e10994e7aa28d12bea04dc2c60 779e0bf47632c609c59f527f9711ecd3214dccb0 < 10c7f1c647da3b77ef8827d974a97b6530b64df0 779e0bf47632c609c59f527f9711ecd3214dccb0 < 03df57ad4b0ff9c5a93ff981aba0b42578ad1571 779e0bf47632c609c59f527f9711ecd3214dccb0 < d0706bfd3ee40923c001c6827b786a309e2a8713 9b54e31fd08f8d8db507d021c88e760d5f8e4640

Linux / Linux

5.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/ba467b6870ea2a73590478d9612d6ea1dcdd68b7 git.kernel.org: https://git.kernel.org/stable/c/5629064f92f0de6d6b3572055cd35361c3ad953c git.kernel.org: https://git.kernel.org/stable/c/312dae3499106ec8cb7442ada12be080aa9fbc3b git.kernel.org: https://git.kernel.org/stable/c/17d3103325e891e10994e7aa28d12bea04dc2c60 git.kernel.org: https://git.kernel.org/stable/c/10c7f1c647da3b77ef8827d974a97b6530b64df0 git.kernel.org: https://git.kernel.org/stable/c/03df57ad4b0ff9c5a93ff981aba0b42578ad1571 git.kernel.org: https://git.kernel.org/stable/c/d0706bfd3ee40923c001c6827b786a309e2a8713