CVE-2025-38464: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38464 is a use-after-free vulnerability discovered in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem, specifically in the tipcconnclose() function. The vulnerability was identified and reported by syzbot on July 25, 2025, affecting various versions of the Linux kernel (NVD, RedHat).

The vulnerability occurs during network namespace dismantling where tipctopsrvstop() iterates through tipcnet(net)->topsrv->connidr and calls tipcconnclose() for each tipcconn after releasing the IDR lock. This creates a race condition with tipcconnrecvwork(), which could simultaneously call tipcconnclose() for the same tipcconn and release its last ->kref. The issue manifests as a null-pointer dereference in tipcconn_close() during netns dismantling, with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H) (RedHat).

The vulnerability can lead to kernel crashes or potential memory corruption when exploited. It affects multiple Linux distributions including Red Hat Enterprise Linux 8, 9, and 10, with both standard and RT kernel versions. The bug can be triggered by unprivileged users with access to user and network namespaces, making it particularly concerning for systems that allow unprivileged namespace creation (RedHat).

To mitigate this vulnerability, system administrators can prevent the TIPC module from being loaded. Red Hat recommends blacklisting the kernel module to prevent it from loading automatically. For specific instructions, users can refer to Red Hat's solution guide (RedHat).