CVE-2025-38544
📋 TL;DR
A race condition vulnerability in the Linux kernel's AF_RXRPC subsystem allows userspace servers to trigger kernel assertions (crashes) when handling preallocated call IDs. This affects systems running Linux kernels with AF_RXRPC enabled and userspace applications using this socket type for RPC services. The vulnerability can cause kernel panics leading to denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to reboot.
Likely Case
Local denial of service through kernel crash when AF_RXRPC userspace servers encounter specific race conditions during call preallocation.
If Mitigated
No impact if AF_RXRPC is not used or if vulnerable kernel versions are patched.
🎯 Exploit Status
Requires local access and ability to run or interact with AF_RXRPC userspace servers. Race condition exploitation requires precise timing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 432c5363cd6fe5a928bbc94524d28b05515684dd, 5385ad53793de2ab11e396bdcdaa65bb04b4dad6, 69e4186773c6445b258fb45b6e1df18df831ec45, d8ffb47a443919277cb093c3db1ec6c0a06880b1
Vendor Advisory: https://git.kernel.org/stable/c/432c5363cd6fe5a928bbc94524d28b05515684dd
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable AF_RXRPC module
Linux: prevent the AF_RXRPC kernel module from loading if it is not needed, then unload it if it is currently loaded (rmmod fails while the module is still in use, so stop any AF_RXRPC users first):
echo 'install rxrpc /bin/false' >> /etc/modprobe.d/disable-rxrpc.conf
rmmod rxrpc
🧯 If You Can't Patch
- Disable or stop any userspace applications using AF_RXRPC sockets
- Implement strict access controls to prevent unauthorized users from running AF_RXRPC services
🔍 How to Verify
Check if Vulnerable:
Check whether the AF_RXRPC module is loaded (lsmod | grep rxrpc) AND check the running kernel version against the patched versions listed by your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits and, if AF_RXRPC is required, that the module still functions normally.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages related to rxrpc assertions
- System crash/reboot logs when AF_RXRPC services are active
Network Indicators:
- Unexpected restarts of systems running AF_RXRPC services
SIEM Query:
(event_type:"kernel_panic" AND message:"rxrpc") OR (process_name:"AF_RXRPC" AND event_type:"system_reboot")
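The verification and log-indicator checks above, as an added POSIX shell example (not part of this advisory or the kernel project): each helper takes its input as text so it can be exercised on the constructed samples in the script as well as on live lsmod, modprobe.d and dmesg output. Function names and the sample lines are this example's own; which kernel version carries the four fix commits must be taken from your distribution's advisory.

```shell
#!/bin/sh
# Added example: exposure and indicator checks for the AF_RXRPC issue.
# Helpers operate on text so they work on constructed samples and live data alike.

# 0 if an lsmod-style listing shows the rxrpc module loaded, 1 otherwise.
rxrpc_loaded() {
    printf '%s\n' "$1" | awk '$1 == "rxrpc" { found = 1 } END { exit !found }'
}

# 0 if modprobe.d text carries the "install rxrpc /bin/false" (or /bin/true) override.
rxrpc_install_blocked() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*install[[:space:]]+rxrpc[[:space:]]+/bin/(false|true)([[:space:]]|$)'
}

# Print dmesg-style lines that mention rxrpc together with an assertion, BUG or
# panic marker; exit status 0 if any such line exists, 1 otherwise.
rxrpc_log_indicators() {
    printf '%s\n' "$1" | grep -Ei 'rxrpc' | grep -Ei 'assert|BUG|panic'
}

# Live check against this host; compare the printed kernel version with the
# patched version named by your distribution.
check_live() {
    printf 'kernel: %s\n' "$(uname -r)"
    if rxrpc_loaded "$(lsmod)"; then echo 'rxrpc module: LOADED'; else echo 'rxrpc module: not loaded'; fi
    if rxrpc_install_blocked "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"; then
        echo 'modprobe workaround: present'
    else
        echo 'modprobe workaround: absent'
    fi
    dmesg 2>/dev/null | { rxrpc_log_indicators "$(cat)" || echo 'no rxrpc assertion/panic lines in dmesg'; }
}

# Constructed sample data (not real captures) used for self-checks.
SAMPLE_LSMOD='Module                  Size  Used by
rxrpc                 212992  1 kafs
af_packet              57344  2'
SAMPLE_MODPROBE='# disable-rxrpc.conf
install rxrpc /bin/false'
SAMPLE_DMESG='[   12.001] rxrpc: loaded
[   90.417] kernel BUG at net/rxrpc/call_accept.c:0!
[   90.418] rxrpc: Assertion failed
[   91.000] Kernel panic - not syncing: Fatal exception'

case "${1:-}" in --live) check_live ;; esac
```

Run with `--live` to check the current host; without arguments the script only defines the helpers and samples.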