Google

Researchers exploited a previously unknown Use-After-Free (UAF) vulnerability in the Linux HFSC queuing discipline to compromise all Google kernelCTF instances (LTS, COS, and mitigation) as well as fully patched Debian 12 systems. The vulnerability, designated CVE-2025-38001, stems from a logic flaw in hfsc_enqueue() combined with a NETEM packet duplication bug, which together produce an infinite RBTree loop and the subsequent UAF condition. The researchers achieved root access on Debian 12 and on all Google kernelCTF instances, highlighting the importance of manual code review alongside automated fuzzing.

Source: https://cybersecuritynews.com/exploit-google-kernelctf-instances/

TPRM report: https://scoringcyber.rankiteo.com/company/google

"id": "goo726080425",
"linkid": "google",
"type": "Vulnerability",
"date": "8/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Google',
                        'type': 'Technology Company'}],
 'attack_vector': 'Use-After-Free (UAF) vulnerability in the Linux HFSC '
                  'queuing discipline',
 'description': 'Researchers exploited CVE-2025-38001—a previously unknown '
                'Use-After-Free (UAF) vulnerability in the Linux HFSC queuing '
                'discipline—to compromise all Google kernelCTF instances (LTS, '
                'COS, and mitigation) as well as fully patched Debian 12 '
                'systems. Their work netted an estimated $82,000 in cumulative '
                'bounties and underscores the continuing importance of '
                'in-depth code auditing beyond automated fuzzing.',
 'impact': {'financial_loss': 'Estimated $82,000 in cumulative bounties',
            'systems_affected': ['Google kernelCTF instances',
                                 'Debian 12 systems']},
 'lessons_learned': 'The exploit highlights the importance of in-depth code '
                    'auditing beyond automated fuzzing, particularly in '
                    'complex subsystems like traffic control.',
 'motivation': 'Security Research and Bounty',
 'post_incident_analysis': {'corrective_actions': 'Patch deployed in commit '
                                                  'ac9fe7dd8e730a103ae4481147395cc73492d786',
                            'root_causes': 'Logic flaw in hfsc_enqueue() and '
                                           'NETEM’s packet duplication bug'},
 'recommendations': 'Kernel maintainers and distribution vendors are urged to '
                    'ensure timely deployment of the fix, while researchers '
                    'should continue to complement automated fuzzing with '
                    'manual code reviews.',
 'response': {'remediation_measures': 'Patched in commit '
                                      'ac9fe7dd8e730a103ae4481147395cc73492d786'},
 'threat_actor': ['D3vil', 'FizzBuzz101'],
 'title': 'Linux Kernel Root Exploit via CVE-2025-38001',
 'type': 'Vulnerability Exploit',
 'vulnerability_exploited': 'CVE-2025-38001'}