{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T04:47:42.708","vulnerabilities":[{"cve":{"id":"CVE-2025-38076","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T10:15:41.110","lastModified":"2025-11-14T20:17:41.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nalloc_tag: allocate percpu counters for module tags dynamically\n\nWhen a module gets unloaded it checks whether any of its tags are still in\nuse and if so, we keep the memory containing module's allocation tags\nalive until all tags are unused.  However percpu counters referenced by\nthe tags are freed by free_module().  This will lead to UAF if the memory\nallocated by a module is accessed after module was unloaded.\n\nTo fix this we allocate percpu counters for module allocation tags\ndynamically and we keep it alive for tags which are still in use after\nmodule unloading.  This also removes the requirement of a larger\nPERCPU_MODULE_RESERVE when memory allocation profiling is enabled because\npercpu memory for counters does not need to be reserved anymore."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: alloc_tag: asignar contadores por CPU para etiquetas de módulo dinámicamente Cuando se descarga un módulo, este verifica si alguna de sus etiquetas aún está en uso y, de ser así, mantenemos activa la memoria que contiene las etiquetas de asignación del módulo hasta que todas las etiquetas estén sin usar. Sin embargo, los contadores por CPU referenciados por las etiquetas son liberados por free_module(). Esto conducirá a UAF si se accede a la memoria asignada por un módulo después de que el módulo se haya descargado. Para corregir esto, asignamos contadores por CPU para etiquetas de asignación de módulo dinámicamente y los mantenemos activos para las etiquetas que aún están en uso después de la descarga del módulo. Esto también elimina el requisito de un PERCPU_MODULE_RESERVE más grande cuando el perfil de asignación de memoria está habilitado porque la memoria por CPU para los contadores ya no necesita reservarse."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.9","matchCriteriaId":"A9B72DD1-715C-4101-A720-1C8D70044C06"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*","matchCriteriaId":"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*","matchCriteriaId":"2D240580-3048-49B2-9E27-F115A9DF8224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*","matchCriteriaId":"90320558-E553-4EF5-8A0B-0F5D20113BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*","matchCriteriaId":"C300BA32-5854-4B59-A00A-18A402F291D0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12ca42c237756182aad8ab04654c952765cb9061","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3cc733e6d96c938d2b82be96858a0ab900eb6fdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}