[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-38052":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2025-38052","In the Linux kernel, the following vulnerability has been resolved:  net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done  Syzbot reported a slab-use-after-free with the following call trace:    ==================================================================   BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840   Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25    Call Trace:    kasan_report+0xd9/0x110 mm/kasan/report.c:601    tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840    crypto_request_complete include/crypto/algapi.h:266    aead_request_complete include/crypto/internal/aead.h:85    cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772    crypto_request_complete include/crypto/algapi.h:266    cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181    process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231    Allocated by task 8355:    kzalloc_noprof include/linux/slab.h:778    tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466    tipc_init_net+0x2dd/0x430 net/tipc/core.c:72    ops_init+0xb9/0x650 net/core/net_namespace.c:139    setup_net+0x435/0xb40 net/core/net_namespace.c:343    copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508    create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110    unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228    ksys_unshare+0x419/0x970 kernel/fork.c:3323    __do_sys_unshare kernel/fork.c:3394    Freed by task 63:    kfree+0x12a/0x3b0 mm/slub.c:4557    tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539    tipc_exit_net+0x8c/0x110 net/tipc/core.c:119    ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173    cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640    process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231  After freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done may still visit it in cryptd_queue_worker workqueue.  I reproduce this issue by:   ip netns add ns1   ip link add veth1 type veth peer name veth2   ip link set veth1 netns ns1   ip netns exec ns1 tipc bearer enable media eth dev veth1   ip netns exec ns1 tipc node set key this_is_a_master_key master   ip netns exec ns1 tipc bearer disable media eth dev veth1   ip netns del ns1  The key of reproduction is that, simd_aead_encrypt is interrupted, leading to crypto_simd_usable() return false. Thus, the cryptd_queue_worker is triggered, and the tipc_crypto tx will be visited.    tipc_disc_timeout     tipc_bearer_xmit_skb       tipc_crypto_xmit         tipc_aead_encrypt           crypto_aead_encrypt             // encrypt()             simd_aead_encrypt               // crypto_simd_usable() is false               child = &ctx->cryptd_tfm->base;    simd_aead_encrypt     crypto_aead_encrypt       // encrypt()       cryptd_aead_encrypt_enqueue         cryptd_aead_enqueue           cryptd_enqueue_request             // trigger cryptd_queue_worker             queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work)  Fix this by holding net reference count before encrypt.",null,[],[],[],[14],{"_key":15},"CVE-2025-38052",[17,19,21],{"_key":18},"DLA-4327-1",{"_key":20},"DLA-4328-1",{"_key":22},"DSA-5973-1",[],[],"2025-06-18T10:15:37.830Z","2026-04-28T20:29:50.773677Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-38052",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[46,65],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_244_1",true,"ecosystem","5.10.244-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_147_1","6.1.147-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_12_32_1","6.12.32-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},{"ecosystem":47,"name":66,"vendor":49,"product":66,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":66,"source":9,"versions":67},"linux-6.1",[68],{"version":69,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":57,"fixed_in":9},"lt6_1_153_1~deb11u1","6.1.153-1~deb11u1"]