CVE - CVE-2025-38273

CVE-ID
CVE-2025-38273	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. However, if the namespace is already being destroyed, its refcount might be zero, leading to the use-after-free warning. Replace get_net() with maybe_get_net(), which safely checks if the refcount is non-zero before incrementing it. If the namespace is being destroyed, return -ENODEV early, after releasing the bearer reference. [1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/307391e8fe70401a6d39ecc9978e13c2c0cdf81f URL:https://git.kernel.org/stable/c/307391e8fe70401a6d39ecc9978e13c2c0cdf81f MISC:https://git.kernel.org/stable/c/445d59025d76d0638b03110f8791d5b89ed5162d URL:https://git.kernel.org/stable/c/445d59025d76d0638b03110f8791d5b89ed5162d MISC:https://git.kernel.org/stable/c/9ff60e0d9974dccf24e89bcd3ee7933e538d929f URL:https://git.kernel.org/stable/c/9ff60e0d9974dccf24e89bcd3ee7933e538d929f MISC:https://git.kernel.org/stable/c/acab7ca5ff19889b80a8ee7dec220ee1a96dede9 URL:https://git.kernel.org/stable/c/acab7ca5ff19889b80a8ee7dec220ee1a96dede9 MISC:https://git.kernel.org/stable/c/c762fc79d710d676b793f9d98b1414efe6eb51e6 URL:https://git.kernel.org/stable/c/c762fc79d710d676b793f9d98b1414efe6eb51e6 MISC:https://git.kernel.org/stable/c/e0b11227c4e8eb4bdf1b86aa8f0f3abb24e0f029 URL:https://git.kernel.org/stable/c/e0b11227c4e8eb4bdf1b86aa8f0f3abb24e0f029 MISC:https://git.kernel.org/stable/c/f29ccaa07cf3d35990f4d25028cc55470d29372b URL:https://git.kernel.org/stable/c/f29ccaa07cf3d35990f4d25028cc55470d29372b
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)