CVE-2025-38550

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38550
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea Patch
https://git.kernel.org/stable/c/6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806 Patch
https://git.kernel.org/stable/c/728db00a14cacb37f36e9382ab5fad55caf890cc Patch
https://git.kernel.org/stable/c/7929d27c747eafe8fca3eecd74a334503ee4c839 Patch
https://git.kernel.org/stable/c/ae3264a25a4635531264728859dbe9c659fad554 Patch
https://git.kernel.org/stable/c/dcbc346f50a009d8b7f4e330f9f2e22d6442fa26 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

07 Jan 2026, 18:32

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Linux
Debian
Debian debian Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea - () https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea - Patch
References () https://git.kernel.org/stable/c/6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806 - () https://git.kernel.org/stable/c/6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806 - Patch
References () https://git.kernel.org/stable/c/728db00a14cacb37f36e9382ab5fad55caf890cc - () https://git.kernel.org/stable/c/728db00a14cacb37f36e9382ab5fad55caf890cc - Patch
References () https://git.kernel.org/stable/c/7929d27c747eafe8fca3eecd74a334503ee4c839 - () https://git.kernel.org/stable/c/7929d27c747eafe8fca3eecd74a334503ee4c839 - Patch
References () https://git.kernel.org/stable/c/ae3264a25a4635531264728859dbe9c659fad554 - () https://git.kernel.org/stable/c/ae3264a25a4635531264728859dbe9c659fad554 - Patch
References () https://git.kernel.org/stable/c/dcbc346f50a009d8b7f4e330f9f2e22d6442fa26 - () https://git.kernel.org/stable/c/dcbc346f50a009d8b7f4e330f9f2e22d6442fa26 - Patch
References () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory, Mailing List

03 Nov 2025, 18:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

28 Aug 2025, 15:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806 -

18 Aug 2025, 20:16

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: mcast: Retraso en la colocación de pmc->idev en mld_del_delrec() pmc->idev todavía se usa en ip6_mc_clear_src(), por lo que, como lo hace mld_clear_delrec(), la referencia se debe colocar después del retorno de ip6_mc_clear_src().

16 Aug 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-16 12:15

Updated : 2026-01-07 18:32

NVD link : CVE-2025-38550

Mitre link : CVE-2025-38550

CVE.ORG link : CVE-2025-38550

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
NVD-CWE-noinfo