CVE-2025-38006
📋 TL;DR
A Linux kernel vulnerability in the MCTP (Management Component Transport Protocol) subsystem allows reading uninitialized memory when dumping network addresses without proper interface filtering. This affects systems with MCTP enabled, potentially exposing kernel memory contents to userspace applications. The vulnerability is triggered by specific network configuration commands.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory information disclosure leading to potential privilege escalation if combined with other vulnerabilities, or system instability/crashes from accessing invalid memory.
Likely Case
Information disclosure of kernel memory contents to userspace applications, potentially revealing sensitive data or system state.
If Mitigated
Minimal impact if MCTP is not used or systems are properly patched; only affects specific network configuration operations.
🎯 Exploit Status
Requires local access and specific conditions to trigger; discovered via syzkaller fuzzing and reproducible with dhcpd or busybox ip commands.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from commits 24fa213dffa4, acab78ae12c7, d4d1561d17eb, f11cf946c0a9
Vendor Advisory: https://git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable MCTP subsystem
Remove or disable the MCTP kernel module if not required:
modprobe -r mctp
echo 'blacklist mctp' >> /etc/modprobe.d/blacklist.conf
Restrict network configuration tools
Limit access to tools that trigger the vulnerability (ip, dhcpd):
chmod 750 /sbin/ip
setcap -r /sbin/ip
🧯 If You Can't Patch
- Disable MCTP subsystem if not required using modprobe blacklisting
- Restrict user access to network configuration tools like ip and dhcpd
🔍 How to Verify
Check if Vulnerable:
Check whether the MCTP module is loaded (lsmod | grep mctp) and check the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and MCTP module functions normally with test commands
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning mctp_dump_addrinfo
- KMSAN error reports for uninit-value in net/mctp/device.c
Network Indicators:
- Abnormal MCTP protocol traffic patterns
- Failed network configuration operations
SIEM Query:
source="kernel" AND ("mctp_dump_addrinfo" OR "KMSAN: uninit-value" OR "net/mctp/device.c")
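The verification steps and log indicators above, combined into one triage script. This is an added example, not part of the advisory or the kernel project; the function names and sample inputs are constructed, and the /boot/config path in the final comment is an assumption about the distribution.

```shell
#!/bin/sh
# Added example: triage helpers for this advisory's verification steps.
# Function names are hypothetical; the sample inputs are constructed.

# Classify CONFIG_MCTP from kernel config text on stdin.
mctp_config_state() {
    awk -F= '$1 == "CONFIG_MCTP" { s = $2 }
             END { if (s == "y") print "builtin";
                   else if (s == "m") print "module";
                   else print "disabled" }'
}

# Succeed only if /proc/modules text on stdin lists a module named exactly
# "mctp"; a plain "grep mctp" also matches drivers such as mctp_i2c.
mctp_module_loaded() {
    awk '$1 == "mctp" { found = 1 } END { exit !found }'
}

# Count kernel log lines on stdin that match the advisory's log indicators.
mctp_log_hits() {
    grep -c -E 'mctp_dump_addrinfo|KMSAN: uninit-value|net/mctp/device\.c' || true
}

# Args: kernel config text, /proc/modules text, kernel log text.
mctp_assess() {
    state=$(printf '%s\n' "$1" | mctp_config_state)
    hits=$(printf '%s\n' "$3" | mctp_log_hits)
    if [ "$state" = "disabled" ]; then verdict="mctp-disabled"
    elif [ "$state" = "builtin" ]; then verdict="mctp-builtin"  # modprobe -r cannot unload it
    elif printf '%s\n' "$2" | mctp_module_loaded; then verdict="mctp-module-loaded"
    else verdict="mctp-module-not-loaded"
    fi
    echo "$verdict log_hits=$hits"
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONFIG='CONFIG_NET=y
CONFIG_MCTP=y
CONFIG_MCTP_FLOWS=y'
SAMPLE_MODULES='mctp_i2c 20480 0 - Live 0x0000000000000000
e1000 155648 0 - Live 0x0000000000000000'
SAMPLE_LOG='[  100.000000] BUG: KMSAN: uninit-value in mctp_dump_addrinfo (net/mctp/device.c)
[  101.000000] e1000: eth0 NIC Link is Up'

mctp_assess "$SAMPLE_CONFIG" "$SAMPLE_MODULES" "$SAMPLE_LOG"
# Live use (config path is an assumption about the distribution):
# mctp_assess "$(cat "/boot/config-$(uname -r)")" "$(cat /proc/modules)" "$(dmesg)"
```

A `mctp-builtin` verdict means the module-removal workaround does not apply to that kernel, so patching is the remaining option.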