{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38490","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.021Z","datePublished":"2025-07-28T11:21:54.009Z","dateUpdated":"2026-05-11T21:29:01.421Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:29:01.421Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: remove duplicate page_pool_put_full_page()\n\npage_pool_put_full_page() should only be invoked when freeing Rx buffers\nor building a skb if the size is too short. At other times, the pages\nneed to be reused. So remove the redundant page put. In the original\ncode, double free pages cause kernel panic:\n\n[  876.949834]  __irq_exit_rcu+0xc7/0x130\n[  876.949836]  common_interrupt+0xb8/0xd0\n[  876.949838]  </IRQ>\n[  876.949838]  <TASK>\n[  876.949840]  asm_common_interrupt+0x22/0x40\n[  876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420\n[  876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d\n[  876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246\n[  876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000\n[  876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e\n[  876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed\n[  876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580\n[  876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000\n[  876.949852]  ? cpuidle_enter_state+0xb3/0x420\n[  876.949855]  cpuidle_enter+0x29/0x40\n[  876.949857]  cpuidle_idle_call+0xfd/0x170\n[  876.949859]  do_idle+0x7a/0xc0\n[  876.949861]  cpu_startup_entry+0x25/0x30\n[  876.949862]  start_secondary+0x117/0x140\n[  876.949864]  common_startup_64+0x13e/0x148\n[  876.949867]  </TASK>\n[  876.949868] ---[ end trace 0000000000000000 ]---\n[  876.949869] ------------[ cut here ]------------\n[  876.949870] list_del corruption, ffffead40445a348->next is NULL\n[  876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120\n[  876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)\n[  876.949914]  i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi\n[  876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G        W   E       6.16.0-rc2+ #20 PREEMPT(voluntary)\n[  876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE\n[  876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n[  876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120\n[  876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8\n[  876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282\n[  876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000\n[  876.949942] RDX: 0000000000000105 RSI: 00000\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_lib.c","drivers/net/ethernet/wangxun/libwx/wx_type.h"],"versions":[{"version":"3c47e8ae113a68da47987750d9896e325d0aeedd","lessThan":"3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa","status":"affected","versionType":"git"},{"version":"3c47e8ae113a68da47987750d9896e325d0aeedd","lessThan":"08d18bda0d03f5ec376929a8c6c4495f9594593a","status":"affected","versionType":"git"},{"version":"3c47e8ae113a68da47987750d9896e325d0aeedd","lessThan":"003e4765d8661be97e650a833868c53d35574130","status":"affected","versionType":"git"},{"version":"3c47e8ae113a68da47987750d9896e325d0aeedd","lessThan":"1b7e585c04cd5f0731dd25ffd396277e55fae0e6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_lib.c","drivers/net/ethernet/wangxun/libwx/wx_type.h"],"versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","status":"unaffected","versionType":"semver"},{"version":"6.6.100","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.40","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.8","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.12.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa"},{"url":"https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a"},{"url":"https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130"},{"url":"https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6"}],"title":"net: libwx: remove duplicate page_pool_put_full_page()","x_generator":{"engine":"bippy-1.2.0"}}}}