CVE-2025-38089
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's sunrpc component allows remote attackers to crash the kernel or potentially cause memory corruption by sending specially crafted RPC packets. This affects Linux systems running vulnerable kernel versions with RPC services exposed. The vulnerability is triggered during authentication processing when SVC_GARBAGE is returned.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Remote kernel crash leading to denial of service, or potential memory corruption that could be leveraged for further exploitation.
Likely Case
Remote denial of service through kernel panic/crash on vulnerable systems.
If Mitigated
No impact if systems are patched or RPC services are not exposed to untrusted networks.
🎯 Exploit Status
The GitHub reference suggests exploit code may be available. Exploitation requires sending specially crafted RPC packets; no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the git commits: 353e75b55e583635bf71cde6abcec274dba05edd, 599c489eea793821232a2f69a00fa57d82b0ac98, 94d10a4dba0bc482f2b01e39f06d5513d0f75742, c90459cd58bb421d275337093d8e901e0ba748dd
Vendor Advisory: https://git.kernel.org/stable/c/353e75b55e583635bf71cde6abcec274dba05edd
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check with your distribution for specific kernel package updates.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable RPC services
Disable or block access to RPC services if not required
systemctl stop rpcbind
systemctl disable rpcbind
iptables -A INPUT -p tcp --dport 111 -j DROP
iptables -A INPUT -p udp --dport 111 -j DROP
🧯 If You Can't Patch
- Implement network segmentation to restrict access to RPC services (ports 111 TCP/UDP)
- Use host-based firewalls to block incoming RPC connections from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from your distribution. Check if rpcbind or other RPC services are running: 'systemctl status rpcbind' or 'netstat -tulpn | grep :111'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to include the fix commits. Check that RPC services are either disabled or protected.
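The listener check described under "Check if Vulnerable", as an added example that is not part of the original advisory: it reads `ss -tuln` output and separates RPC listeners bound only to loopback from those reachable over the network. The function names (`rpc_listeners`, `exposed_count`, `sample_ss_output`) are hypothetical, the sample listing is constructed, and the script assumes the standard iproute2 `ss -tuln` column layout.

```shell
#!/bin/sh
# Added example: classify listeners on RPC ports from `ss -tuln` output.
# All function names here are hypothetical helpers, not part of any tool.

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:111      0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      4096   [::]:111           [::]:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
EOF
}

# Read an `ss -tuln` listing on stdin; print "SCOPE proto local-address"
# for every socket bound to one of the comma-separated ports in $1.
rpc_listeners() {
    ports="${1:-111}"   # 111 is the rpcbind port named in this advisory
    awk -v ports="$ports" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            la = $5                              # Local Address:Port column
            port = la; sub(/.*:/, "", port)      # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (!(port in want)) next
            # Loopback-only sockets are not reachable from the network.
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "LOOPBACK" : "EXPOSED"
            print scope, $1, la
        }'
}

# Count sockets reachable from other hosts (always prints a number).
exposed_count() {
    rpc_listeners "$1" | awk '$1 == "EXPOSED" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a live host: ss -tuln | rpc_listeners 111
sample_ss_output | rpc_listeners 111
```

A non-zero `exposed_count` on an unpatched host means the firewall or segmentation measures above are what stand between the service and untrusted networks.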
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash/reboot events
- RPC authentication failure logs
Network Indicators:
- Unusual RPC traffic patterns
- Multiple connection attempts to port 111
SIEM Query:
(source="kernel" AND "panic") OR (source="auth" AND "rpc" AND "failure")
🔗 References
- https://git.kernel.org/stable/c/353e75b55e583635bf71cde6abcec274dba05edd
- https://git.kernel.org/stable/c/599c489eea793821232a2f69a00fa57d82b0ac98
- https://git.kernel.org/stable/c/94d10a4dba0bc482f2b01e39f06d5513d0f75742
- https://git.kernel.org/stable/c/c90459cd58bb421d275337093d8e901e0ba748dd
- https://github.com/keymaker-arch/NFSundown
- https://www.openwall.com/lists/oss-security/2025/07/02/2