{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38022","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.977Z","datePublished":"2025-06-18T09:28:29.218Z","dateUpdated":"2026-05-11T21:19:48.030Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:48.030Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\n\nCall Trace:\n\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n strlen+0x93/0xa0 lib/string.c:420\n __fortify_strlen include/linux/fortify-string.h:268 [inline]\n get_kobj_path_length lib/kobject.c:118 [inline]\n kobject_get_path+0x3f/0x2a0 lib/kobject.c:158\n kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\n ib_register_device drivers/infiniband/core/device.c:1472 [inline]\n ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\n rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\n rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\n nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\n rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n __sys_sendmsg+0x16d/0x220 net/socket.c:2652\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\n\nThe root cause is: the function ib_device_rename() renames the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\n\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/core/device.c"],"versions":[{"version":"53e9a5a692f839780084ad81dbd461ec917f74f7","lessThan":"ba467b6870ea2a73590478d9612d6ea1dcdd68b7","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"5629064f92f0de6d6b3572055cd35361c3ad953c","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"312dae3499106ec8cb7442ada12be080aa9fbc3b","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"17d3103325e891e10994e7aa28d12bea04dc2c60","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"10c7f1c647da3b77ef8827d974a97b6530b64df0","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"03df57ad4b0ff9c5a93ff981aba0b42578ad1571","status":"affected","versionType":"git"},{"version":"779e0bf47632c609c59f527f9711ecd3214dccb0","lessThan":"d0706bfd3ee40923c001c6827b786a309e2a8713","status":"affected","versionType":"git"},{"version":"9b54e31fd08f8d8db507d021c88e760d5f8e4640","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/core/device.c"],"versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.30","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.8","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.4","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.12.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.14.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.86"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ba467b6870ea2a73590478d9612d6ea1dcdd68b7"},{"url":"https://git.kernel.org/stable/c/5629064f92f0de6d6b3572055cd35361c3ad953c"},{"url":"https://git.kernel.org/stable/c/312dae3499106ec8cb7442ada12be080aa9fbc3b"},{"url":"https://git.kernel.org/stable/c/17d3103325e891e10994e7aa28d12bea04dc2c60"},{"url":"https://git.kernel.org/stable/c/10c7f1c647da3b77ef8827d974a97b6530b64df0"},{"url":"https://git.kernel.org/stable/c/03df57ad4b0ff9c5a93ff981aba0b42578ad1571"},{"url":"https://git.kernel.org/stable/c/d0706bfd3ee40923c001c6827b786a309e2a8713"}],"title":"RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem","x_generator":{"engine":"bippy-1.2.0"}}}}