CVE-2025-38542

5.5 MEDIUM

Denial of Service

📋 TL;DR

This CVE describes a device reference count leak in the Linux kernel's Appletalk networking module. When updating route entries, the kernel fails to properly release old device references, potentially leading to resource exhaustion. Systems running affected Linux kernel versions with Appletalk support are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if Appletalk module is loaded and in use. Most modern systems don't use Appletalk by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could exhaust kernel device reference resources, leading to denial of service where network interfaces become unavailable or the system becomes unstable.

🟠

Likely Case

Limited impact requiring repeated route updates to trigger resource exhaustion, potentially causing intermittent network issues or requiring system reboot.

🟢

If Mitigated

With proper network segmentation and minimal Appletalk usage, impact is minimal as the vulnerability requires specific network operations to trigger.

🌐 Internet-Facing: LOW - Appletalk is a legacy protocol rarely exposed to internet, and exploitation requires specific network operations.

🏢 Internal Only: MEDIUM - Internal networks using Appletalk or where attackers have network access could potentially trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to manipulate Appletalk routing tables, which typically requires local or network access with appropriate privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits listed in references

Vendor Advisory: https://git.kernel.org/stable/c/473f3eadfc73b0fb6d8dee5829d19a5772e387f7

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify Appletalk module is not needed and consider disabling if unused.

🔧 Temporary Workarounds

Disable Appletalk module

Linux

Prevent loading of vulnerable Appletalk kernel module

echo 'blacklist appletalk' >> /etc/modprobe.d/blacklist.conf
rmmod appletalk

🧯 If You Can't Patch

Disable Appletalk protocol support if not required
Implement network segmentation to limit access to systems using Appletalk

🔍 How to Verify

Check if Vulnerable:

Check if Appletalk module is loaded: lsmod | grep appletalk

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions in git commits, and verify Appletalk module behavior during route updates

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing device reference count warnings or errors
System logs indicating network interface issues

Network Indicators:

Unusual Appletalk routing table modifications
Network connectivity issues on systems using Appletalk

SIEM Query:

source="kernel" AND ("appletalk" OR "atrtr" OR "device refcount")

📊 Metadata

CVE ID: CVE-2025-38542

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.01% exploit probability (2.3th percentile)

Published: August 16, 2025

Last Updated: January 7, 2026

🔗 References

https://git.kernel.org/stable/c/473f3eadfc73b0fb6d8dee5829d19a5772e387f7 Patch
https://git.kernel.org/stable/c/4a17370da6e476d3d275534e9e9cd2d02c57ca46 Patch
https://git.kernel.org/stable/c/64124cf0aab0dd1e18c0fb5ae66e45741e727f8b Patch
https://git.kernel.org/stable/c/711c80f7d8b163d3ecd463cd96f07230f488e750 Patch
https://git.kernel.org/stable/c/a7852b01793669248dce0348d14df89e77a32afd Patch
https://git.kernel.org/stable/c/b2f5dfa87367fdce9f8b995bc6c38f64f9ea2c90 Patch
https://git.kernel.org/stable/c/b92bedf71f25303e203a4e657489d76691a58119 Patch
https://git.kernel.org/stable/c/d2e9f50f0bdad73b64a871f25186b899624518c4 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List