CVE-2025-38349: In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still
Summary
A Linux kernel bug in epoll (a mechanism for monitoring multiple file descriptors) causes a use-after-free (access to memory that has already been freed) because the ep reference count is decremented before the mutex (a lock that ensures only one thread accesses code at a time) is released. The problem occurs when multiple threads drop their references nearly simultaneously: one thread can free the memory while another is still using the mutex to clean up.
Solution / Mitigation
The fix moves the ep refcount drop outside the mutex, since the refcount itself is atomic (thread-safe without locks) and doesn't need mutex protection. As the source states: 'the refcount itself is atomic, and doesn't need mutex protection (that's the whole _point_ of refcounts: unlike mutexes, they are inherently about object lifetimes).'
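The ordering problem and its fix, as an added single-threaded C model (not the kernel's code and not part of the original page). The struct, the function names and the interleaving forced inside unlock() are assumptions made for illustration; release is recorded in a flag rather than by calling free().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, all names hypothetical. "freed" marks release, no free(). */
struct obj {
    atomic_int refs;  /* lifetime: object is released when this hits 0 */
    bool locked;      /* stand-in for the mutex guarding the contents */
    bool freed;
    int uaf;          /* accesses made after release */
};

/* Returns true when the caller dropped the last reference. */
static bool ref_dec_and_test(struct obj *o) {
    return atomic_fetch_sub(&o->refs, 1) == 1;
}

/* The second holder dropping its reference. */
static void peer_put(struct obj *o) {
    if (ref_dec_and_test(o)) o->freed = true;
}

static void lock(struct obj *o) { o->locked = true; }

/* Unlock is not atomic: a peer can run after the lock word is released
 * but before the unlock tail has finished touching the mutex. */
static void unlock(struct obj *o) {
    o->locked = false;
    peer_put(o);              /* constructed worst-case interleaving */
    if (o->freed) o->uaf++;   /* unlock tail dereferences the object */
}

/* fixed == false: drop the reference while still holding the lock.
 * fixed == true:  unlock first, drop the reference as the last access. */
int demo(bool fixed) {
    struct obj o = { .locked = false, .freed = false, .uaf = 0 };
    atomic_init(&o.refs, 2);  /* one reference for us, one for the peer */
    lock(&o);
    bool last = fixed ? false : ref_dec_and_test(&o);
    unlock(&o);
    if (fixed) last = ref_dec_and_test(&o);
    if (last) o.freed = true;
    return o.uaf;
}

int main(void) {
    printf("unsafe order: %d access after release\n", demo(false));
    printf("fixed order:  %d access after release\n", demo(true));
    return 0;
}
```

With the reference dropped early, the peer's drop is the last one and the unlock tail runs on a released object; with the reference dropped last, the caller's own reference keeps the object alive through the unlock.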
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-38349
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 95%