Login Sign Up

CVE-2025-38375

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's virtio-net driver allows an out-of-bound read when processing XDP (eXpress Data Path) packets. Attackers could potentially read kernel memory beyond allocated buffers, leading to information disclosure or system crashes. Systems using virtio-net with XDP enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with the vulnerable virtio-net XDP implementation (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires virtio-net driver with XDP enabled; not all configurations are vulnerable

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to privilege escalation or system compromise through information leakage

🟠

Likely Case

System instability, kernel panic, or denial of service through memory corruption

🟢

If Mitigated

Minimal impact if XDP is disabled or virtio-net is not in use

🌐 Internet-Facing: LOW - Requires local access or compromised container/VM
🏢 Internal Only: MEDIUM - Could be exploited by malicious containers/VMs or local users

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to send packets to virtio-net interface; XDP must be enabled

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 11f2d0e8be2b5e784ac45fa3da226492c3e506d8 or later

Vendor Advisory: https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version 2. Reboot system 3. Verify kernel version with 'uname -r'

🔧 Temporary Workarounds

Disable XDP on virtio-net interfaces

linux

Prevents exploitation by disabling the vulnerable XDP feature

ip link set dev <interface> xdp off

🧯 If You Can't Patch

  • Disable XDP on all virtio-net interfaces
  • Isolate virtio-net interfaces from untrusted networks/users

🔍 How to Verify

Check if Vulnerable:

Check if virtio-net interfaces have XDP enabled: 'ip link show | grep -A5 virtio'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commit: check kernel changelog or version

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes
  • Memory corruption warnings in dmesg

Network Indicators:

  • Unusual packet patterns to virtio-net interfaces

SIEM Query:

kernel: "BUG: unable to handle kernel paging request" OR "general protection fault"

📊 Metadata

CVE ID: CVE-2025-38375
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-125
EPSS Score: 0.02% exploit probability (4.5th percentile)
Published: July 25, 2025
Last Updated: December 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38375, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)