Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38273

In the Linux kernel, the following vulnerability has been resolved:

net: tipc: fix refcount warning in tipc_aead_encrypt

syzbot reported a refcount warning 1 caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup.

The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. However, if the namespace is already being destroyed, its refcount might be zero, leading to the use-after-free warning.

Replace get_net() with maybe_get_net(), which safely checks if the refcount is non-zero before incrementing it. If the namespace is being destroyed, return -ENODEV early, after releasing the bearer reference.

  • Published: Jul 10, 2025
  • Updated: Dec 19, 2025
  • CVE: CVE-2025-38273
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 6.12.31 6.12.34
linux / linux_kernel 6.14.9 6.15
linux / linux_kernel 6.15.1 6.15.3
linux / linux_kernel 5.10.238 5.10.238.x
linux / linux_kernel 5.15.185 5.15.185.x
linux / linux_kernel 6.1.141 6.1.141.x
linux / linux_kernel 6.6.93 6.6.93.x
linux / linux_kernel 6.15 6.15.x
debian / debian_linux 11.0 11.0.x