CVE-2025-38087: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38087 is a use-after-free vulnerability discovered in the Linux kernel's networking scheduler component, specifically affecting the tapriodevnotifier functionality. The vulnerability was disclosed on June 30, 2025, and impacts the net/sched subsystem of the Linux kernel (NVD Database, Wiz Database).

The vulnerability stems from taprio's tapriodevnotifier() function not being protected by an RCU read-side critical section, which can lead to a race condition with advancesched(). This creates a potential use-after-free scenario in the kernel's networking scheduler. The issue was resolved by adding rcureadlock() inside tapriodev_notifier() (Debian Tracker, Wiz Database).

The vulnerability affects various Linux kernel versions, with confirmed impacts on Debian distributions including trixie and sid versions 6.12.33-1. Earlier versions like bullseye (5.10.223-1) and bookworm (6.1.137-1) have been fixed. Ubuntu distributions 22.04, 24.04, 24.10, and 25.04 are also affected with medium severity (Ubuntu Security, Wiz Database).

Fixed versions have been released for several Debian distributions: bullseye (5.10.237-1) and bookworm (6.1.140-1). The fix involves adding proper RCU read-side protection in the tapriodevnotifier function. For affected systems, updating to the patched versions is recommended (Debian Tracker).