CVE-2025-38536

{"id": "CVE-2025-38536", "cveTags": [], "metrics": {}, "published": "2025-08-16T12:15:29.347", "references": [{"url": "https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: fix potential use-after-free in airoha_npu_get()\n\nnp->name was being used after calling of_node_put(np), which\nreleases the node and can lead to a use-after-free bug.\nPreviously, of_node_put(np) was called unconditionally after\nof_find_device_by_node(np), which could result in a use-after-free if\npdev is NULL.\n\nThis patch moves of_node_put(np) after the error check to ensure\nthe node is only released after both the error and success cases\nare handled appropriately, preventing potential resource issues."}], "lastModified": "2025-08-16T12:15:29.347", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}