{"id":"CVE-2025-38536","summary":"net: airoha: fix potential use-after-free in airoha_npu_get()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: fix potential use-after-free in airoha_npu_get()\n\nnp-\u003ename was being used after calling of_node_put(np), which\nreleases the node and can lead to a use-after-free bug.\nPreviously, of_node_put(np) was called unconditionally after\nof_find_device_by_node(np), which could result in a use-after-free if\npdev is NULL.\n\nThis patch moves of_node_put(np) after the error check to ensure\nthe node is only released after both the error and success cases\nare handled appropriately, preventing potential resource issues.","modified":"2026-04-02T12:48:01.068479Z","published":"2025-08-16T11:12:28.627Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38536.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3cd582e7d0787506990ef0180405eb6224fa90a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df6bf96b41e547e350667bc4c143be53646d070d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38536.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38536"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"23290c7bc190def4e1ca61610992d9b7c32e33f3"},{"fixed":"df6bf96b41e547e350667bc4c143be53646d070d"},{"fixed":"3cd582e7d0787506990ef0180405eb6224fa90a6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38536.json"}}],"schema_version":"1.7.5"}