CVE-2025-38037
📋 TL;DR
This CVE describes a data race condition in the Linux kernel's VXLAN implementation where concurrent access to FDB (Forwarding Database) entry fields ('used' and 'updated') can cause inconsistent state. This affects systems using VXLAN networking with multiple threads accessing the same FDB entries simultaneously. The vulnerability could lead to kernel instability or incorrect network behavior.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to race condition leading to memory corruption or inconsistent network state.
Likely Case
Intermittent network connectivity issues, packet loss, or incorrect forwarding decisions in VXLAN networks.
If Mitigated
Minor performance impact with proper synchronization, but no security or stability issues.
🎯 Exploit Status
The provided script demonstrates the race condition but doesn't show weaponization. Exploitation requires specific VXLAN configuration and concurrent access patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 02a33b1035a3, 13cba3f83790, 4eceb7eae6ea, 784b78295a3a, 87d076987a9b
Vendor Advisory: https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable KCSAN reporting
Suppress Kernel Concurrency Sanitizer (KCSAN) reports for the vxlan_xmit function. This only hides the report on a KCSAN-enabled kernel with debugfs mounted; it does not remove the race.
echo '!vxlan_xmit' > /sys/kernel/debug/kcsan
Avoid concurrent VXLAN traffic
Limit VXLAN interface usage to a single thread or process
🧯 If You Can't Patch
- Disable VXLAN interfaces if not required
- Implement network segmentation to isolate VXLAN traffic
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether VXLAN is configured. Run the provided reproduction script to trigger KCSAN reports.
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version includes the fix commits. Run the reproduction script and confirm that no KCSAN reports for vxlan_xmit appear.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing KCSAN data-race reports for vxlan_xmit
- System crashes or instability when using VXLAN
Network Indicators:
- Inconsistent VXLAN packet forwarding
- Increased packet loss on VXLAN interfaces
SIEM Query:
source="kernel" AND "KCSAN: data-race" AND "vxlan_xmit"
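Added example, not part of this advisory: a small Python parser that applies the log indicator above to kernel-log text, grouping each KCSAN report with its two access lines and flagging those whose racing functions include vxlan_xmit. The sample log is constructed for illustration (addresses, PIDs and offsets are made up); the header and access lines follow KCSAN's report layout, and the parser skips stack-frame lines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of kernel-log text (dmesg / journalctl -k style); the
# addresses, PIDs, CPUs and offsets are invented for illustration.
SAMPLE_LOG = """\
[  120.001] vxlan: vxlan0: link becomes ready
[  130.442] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit
[  130.444] write to 0xffff88810a2b1c40 of 8 bytes by task 2410 on cpu 2:
[  130.445]  vxlan_xmit+0x7c4/0x1bd0
[  130.446]  dev_hard_start_xmit+0x9a/0x2e0
[  130.448] read to 0xffff88810a2b1c40 of 8 bytes by task 2411 on cpu 5:
[  130.449]  vxlan_xmit+0x7a0/0x1bd0
[  130.450]  dev_hard_start_xmit+0x9a/0x2e0
[  200.010] BUG: KCSAN: data-race in tcp_poll / tcp_data_queue
[  200.011] read to 0xffff888105d0e1a8 of 4 bytes by task 900 on cpu 1:
"""

HEADER = re.compile(r"BUG: KCSAN: data-race in (\S+) / (\S+)")
ACCESS = re.compile(
    r"(read|write)(?: \(marked\))? to 0x[0-9a-f]+ of (\d+) bytes by task (\d+) on cpu (\d+)"
)

@dataclass
class KcsanReport:
    funcs: tuple                                  # two racing functions from the header
    accesses: list = field(default_factory=list)  # (kind, size, task, cpu) per access

    def involves(self, func):
        return func in self.funcs

def parse_kcsan_reports(text):
    """Group each KCSAN header line with the access lines that follow it;
    stack-frame lines are skipped."""
    reports = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            reports.append(KcsanReport(funcs=(m.group(1), m.group(2))))
            continue
        m = ACCESS.search(line)
        if m and reports:
            kind, size, task, cpu = m.groups()
            reports[-1].accesses.append((kind, int(size), int(task), int(cpu)))
    return reports

def vxlan_xmit_reports(text):
    """The advisory's log indicator: KCSAN races with vxlan_xmit in the header."""
    return [r for r in parse_kcsan_reports(text) if r.involves("vxlan_xmit")]
```

Feed it the output of `journalctl -k` or `dmesg` instead of the sample to check a live host; a matching report shows both accesses hitting the same address from different tasks, which is what the SIEM query above is looking for.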
🔗 References
- https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7
- https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f
- https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f
- https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3
- https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1
- https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7
- https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa
- https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html