Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Airoha NPU Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Airoha NPU support. The issue arises in the 'airoha_npu_get' function, where the device node's name is accessed after the node has been released, creating a potential use-after-free condition. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by calling the 'airoha_npu_get' function with a device node that has been released. The function will attempt to access the node's name after it has been freed, leading to a use-after-free condition.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Aug 16, 2025, 12:36 PM
Updated: Aug 16, 2025, 12:36 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.