CVE-2025-38097

5.5 MEDIUM

📋 TL;DR

A reference leak in the Linux kernel's espintcp code (IPsec ESP encapsulated in TCP, RFC 8229) can keep a network namespace alive forever. An xfrm state that uses ESP-in-TCP caches its encapsulation socket, and that socket holds a reference on its network namespace. If every process in the namespace exits before the xfrm state is deleted, nothing remains that can delete the state, the reference is never dropped, and the namespace is never freed. Repeated create/destroy cycles therefore leak kernel memory until the host is rebooted. Only systems that configure ESP in TCP mode are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernels built with CONFIG_INET_ESPINTCP (ESP-in-TCP support, present since Linux 5.6) that do not contain the fix commit or a stable backport of it
Operating Systems: Linux distributions shipping affected kernel builds
Default Config Vulnerable: No
Notes: Only reachable when an ESP-in-TCP xfrm state exists inside a network namespace that is later abandoned (all of its processes exit) without the state having been deleted first. Plain ESP and UDP-encapsulated ESP do not use this code path.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service through kernel memory exhaustion: every leaked namespace pins its struct net, the cached TCP socket and whatever else the namespace still references, and none of it can be reclaimed without a reboot.

🟠

Likely Case

Gradual, unrecoverable memory growth on hosts that frequently create and destroy network namespaces containing active ESP-in-TCP security associations (for example per-tenant or per-container IPsec tunnels).

🟢

If Mitigated

Minimal impact if the system does not use ESP in TCP mode, or if ESP-in-TCP states are always deleted (by the IKE daemon or an xfrm flush) before their namespace is torn down.

🌐 Internet-Facing: LOW - A remote peer cannot create xfrm states or tear down namespaces on the host; the leak is driven by the local namespace lifecycle, not by traffic.
🏢 Internal Only: MEDIUM - Container or virtualization hosts that run ESP over TCP inside short-lived network namespaces can exhaust kernel memory over time.

🎯 Exploit Status

Public PoC: No
Weaponized: NO
Unauthenticated Exploit: No
Complexity: HIGH

Triggering the leak requires creating an ESP-in-TCP xfrm state, which needs CAP_NET_ADMIN in the target network namespace (normally done by an IKE daemon over xfrm netlink), and then abandoning that namespace. Where unprivileged user namespaces are enabled, a local user can create a user namespace plus a network namespace in which they hold CAP_NET_ADMIN, so root should not be assumed to be a hard requirement. The outcome is local resource exhaustion, not code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Any kernel containing upstream commit 028363685bd0b7a19b4a820f82dd905b1dc83999 or a stable backport of it

Vendor Advisory: https://git.kernel.org/stable/c/028363685bd0b7a19b4a820f82dd905b1dc83999

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched package from your distribution vendor.
2. Reboot so the new kernel is running; a kernel fix cannot be applied to the running kernel, and namespaces that have already leaked are only freed by the reboot.
3. Confirm the running kernel is the patched build. Compare uname -r with the vendor's advisory or the kernel package changelog, since distributions backport fixes without changing the upstream version string.

🔧 Temporary Workarounds

Disable IPsec ESP over TCP

Stop using IPsec ESP in TCP mode (RFC 8229 encapsulation) so that no espintcp xfrm states are created. The option name depends on your IKE daemon; espintcp itself is compiled into the kernel (CONFIG_INET_ESPINTCP is a boolean option, not a loadable module) and cannot be unloaded at runtime.

# Remove or comment out TCP-encapsulation options for your IKE daemon (e.g. in ipsec.conf), then restart it
# Plain ESP and UDP-encapsulated ESP do not go through the espintcp path

Limit network namespace creation

Restrict creation of new network namespaces to reduce exposure. Disabling unprivileged user namespaces stops local users from creating their own network namespaces (in which they would hold CAP_NET_ADMIN); it does not affect root or container runtimes running as root, and it breaks rootless containers and browser sandboxes that rely on user namespaces.

# Disable unprivileged user namespaces persistently, then apply
echo 'user.max_user_namespaces=0' >> /etc/sysctl.conf
sysctl -p

🧯 If You Can't Patch

  • Before tearing down a network namespace that carried ESP-in-TCP security associations, delete those states from inside it first (have the IKE daemon remove its SAs, or run ip xfrm state flush in the namespace); once the state is gone the socket's reference on the namespace is released and teardown proceeds normally
  • Monitor system memory and the net_namespace slab count in /proc/slabinfo for growth that never returns to baseline after namespaces are destroyed
  • Reboot affected hosts on a schedule; restarting services does not reclaim namespaces that have already leaked, because no process or mount holds a handle through which the xfrm state could still be deleted

🔍 How to Verify

Check if Vulnerable:

espintcp is compiled into the kernel when CONFIG_INET_ESPINTCP=y. It is a boolean option, not a loadable module, so lsmod will never list it. Check the running kernel's build config instead: grep CONFIG_INET_ESPINTCP /boot/config-$(uname -r) (or zcat /proc/config.gz | grep CONFIG_INET_ESPINTCP). If it is enabled and the kernel predates the fix, the system is vulnerable whenever ESP-in-TCP SAs are in use.

Check Version:

uname -r

Verify Fix Applied:

Compare uname -r against the patched release your distribution names for this CVE. Distribution kernels usually backport fixes without changing the upstream version string, so confirm through the kernel package changelog or the vendor's CVE page rather than the version number alone.

📡 Detection & Monitoring

Log Indicators:

  • The kernel does not log this leak: no teardown ever runs for the leaked namespace, so there is no reference-count or cleanup message to look for. The first visible symptoms are generic memory pressure, such as OOM-killer messages (Out of memory: Killed process ...)
  • Growth of the net_namespace slab cache in /proc/slabinfo (active objects) that does not return to baseline after namespaces are destroyed

Network Indicators:

  • Network namespaces that persist after every process in them has exited. They do not appear in lsns or ip netns, which only list namespaces that still have a process or a bind mount, so the slab object count is the practical indicator

SIEM Query:

source="kernel" AND ("Out of memory" OR "oom-kill")
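A small POSIX-sh checker covering both the "How to Verify" and the "Detection & Monitoring" sections above. This is an added example, not part of the advisory or of the kernel project: it reports whether the running kernel was built with CONFIG_INET_ESPINTCP, and it samples the net_namespace slab cache (the kmem_cache the kernel allocates struct net from), which counts live namespace objects and so makes a leak visible even though leaked namespaces have no processes and never show up in lsns. The slabinfo excerpt embedded below is constructed for offline use, and the growth threshold and interval defaults are assumptions; reading /proc/slabinfo requires root.

```shell
#!/bin/sh
# Added example (not from the advisory): check for espintcp support and watch
# the net_namespace slab cache for leaked network namespaces.

# Return 0 if the kernel config text on stdin enables CONFIG_INET_ESPINTCP.
# It is a boolean option, so espintcp is never a loadable module and lsmod
# cannot tell you whether it is present.
config_has_espintcp() {
    grep -q '^CONFIG_INET_ESPINTCP=y$'
}

# Emit the running kernel's build config from /boot or /proc/config.gz.
kernel_config_text() {
    rel=$(uname -r)
    if [ -r "/boot/config-$rel" ]; then
        cat "/boot/config-$rel"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    else
        return 1
    fi
}

# Print <active_objs> of the net_namespace slab from slabinfo text on stdin,
# or -1 if the cache is not listed. SLUB may merge it into another cache of
# the same object size; boot with slab_nomerge to get a dedicated counter.
netns_active_objs() {
    awk '$1 == "net_namespace" { print $2; found = 1 } END { if (!found) print -1 }'
}

# Return 0 (alert) if the count grew by at least $3 between samples $1 and $2.
# Unknown samples (-1) never alert.
netns_grew_by() {
    [ "$1" -ge 0 ] && [ "$2" -ge 0 ] && [ $(( $2 - $1 )) -ge "$3" ]
}

# Constructed slabinfo excerpts (two samples, assumed values) for offline use.
SAMPLE_BEFORE='slabinfo - version: 2.1
# name            <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
net_namespace         12     14   4352    7    8 : tunables    0    0    0 : slabdata      2      2      0
kmalloc-8192          52     52   8192    4    8 : tunables    0    0    0 : slabdata     13     13      0'
SAMPLE_AFTER='slabinfo - version: 2.1
net_namespace        212    217   4352    7    8 : tunables    0    0    0 : slabdata     31     31      0
kmalloc-8192          52     52   8192    4    8 : tunables    0    0    0 : slabdata     13     13      0'

# Live use (as root): sample the real cache twice, INTERVAL seconds apart.
# Usage: NETNS_CHECK_RUN=1 THRESHOLD=50 INTERVAL=300 sh netns-leak-check.sh
main() {
    echo "kernel: $(uname -r)"
    if kernel_config_text | config_has_espintcp; then
        echo "CONFIG_INET_ESPINTCP=y: ESP-in-TCP support is compiled in; confirm the fix with your vendor"
    else
        echo "CONFIG_INET_ESPINTCP not enabled (or config unavailable): espintcp path not present"
    fi
    before=$(netns_active_objs < /proc/slabinfo)
    sleep "${INTERVAL:-300}"
    after=$(netns_active_objs < /proc/slabinfo)
    echo "net_namespace active objects: $before -> $after"
    if netns_grew_by "$before" "$after" "${THRESHOLD:-50}"; then
        echo "ALERT: net_namespace objects grew by $(( after - before )) with no return to baseline; investigate espintcp leak"
        return 2
    fi
}

# Guarded so the functions can be sourced or tested without sampling the live host.
if [ "${NETNS_CHECK_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Run it periodically from cron and feed the ALERT line into the SIEM alongside the OOM query; a count that climbs across runs while container or tunnel churn stays constant is the signature of this bug, since namespaces freed normally return the cache to its baseline.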
