CVE-2025-38079
Linux Kernel Double Free in algif_hash Crypto Extension
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.
INFO
Published Date :
June 18, 2025, 10:15 a.m.
Last Modified :
June 18, 2025, 1:46 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-38079.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-38079 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-38079 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 18, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. Added Reference https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967 Added Reference https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993 Added Reference https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896 Added Reference https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633 Added Reference https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6 Added Reference https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf Added Reference https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547 Added Reference https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-38079 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-38079
weaknesses.