Login Sign Up

CVE-2025-38441

5.5 MEDIUM
Denial of Service

📋 TL;DR

A Linux kernel vulnerability in the netfilter flowtable component where the nf_flow_pppoe_proto() function fails to account for Ethernet header length when processing PPPoE packets. This can lead to kernel memory corruption and potential system crashes. Affects Linux systems using netfilter with PPPoE connections.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable commit until patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when netfilter flowtable is enabled and system processes PPPoE packets. Many distributions don't enable flowtable by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting network connectivity.

🟢

If Mitigated

Minimal impact if system doesn't use PPPoE or netfilter flowtable features.

🌐 Internet-Facing: MEDIUM - Requires specific PPPoE configuration and network traffic patterns.
🏢 Internal Only: LOW - Requires internal PPPoE usage and specific kernel configurations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted PPPoE packets to a vulnerable system with netfilter flowtable enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable netfilter flowtable

linux

Disable the netfilter flowtable feature if not required

echo 0 > /proc/sys/net/netfilter/nf_flowtable_offload
sysctl -w net.netfilter.nf_flowtable_offload=0

Block PPPoE traffic

linux

Use firewall rules to block PPPoE protocol traffic

iptables -A INPUT -p pppoe -j DROP
iptables -A FORWARD -p pppoe -j DROP

🧯 If You Can't Patch

  • Disable netfilter flowtable feature using sysctl commands
  • Implement network segmentation to isolate systems using PPPoE

🔍 How to Verify

Check if Vulnerable:

Check if netfilter flowtable is enabled: cat /proc/sys/net/netfilter/nf_flowtable_offload

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and netfilter flowtable functionality works with PPPoE

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Netfilter error messages in dmesg

Network Indicators:

  • Unusual PPPoE traffic patterns
  • Network connectivity drops

SIEM Query:

source="kernel" AND ("panic" OR "BUG" OR "KMSAN") AND "nf_flow"

📊 Metadata

CVE ID: CVE-2025-38441
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-908
EPSS Score: 0.02% exploit probability (4.4th percentile)
Published: July 25, 2025
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38441, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)