CVE-2025-38550
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's IPv6 multicast implementation. An attacker could potentially exploit this to cause a kernel panic (denial of service) or possibly execute arbitrary code with kernel privileges. All Linux systems with IPv6 enabled are potentially affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.
If Mitigated
No impact if IPv6 is disabled or if the system is not processing multicast traffic.
🎯 Exploit Status
Exploitation requires sending crafted IPv6 multicast packets to trigger the vulnerable code path in mld_del_delrec().
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 5f18e0130194550dff734e155029ae734378b5ea, 6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806, 728db00a14cacb37f36e9382ab5fad55caf890cc, 7929d27c747eafe8fca3eecd74a334503ee4c839, ae3264a25a4635531264728859dbe9c659fad554
Vendor Advisory: https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for patched kernel packages.
3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable IPv6
Completely disable IPv6 to prevent exploitation of this vulnerability
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p
Block IPv6 multicast traffic
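Use firewall rules to block incoming IPv6 multicast traffic. Note that ff00::/8 covers all IPv6 multicast, including the addresses Neighbor Discovery relies on, so this rule also interferes with normal IPv6 connectivity.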
ip6tables -A INPUT -d ff00::/8 -j DROP
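A check that both workarounds above have actually taken effect, as an added example that is not part of the original advisory. The function names and the optional directory argument are assumptions made for illustration, and the demo runs on constructed data so it works offline.

```shell
#!/bin/sh
# Added example: confirm the two workarounds are actually in effect.

# ipv6_enabled_ifaces [CONF_DIR]
# Print every interface whose disable_ipv6 value is not 1. CONF_DIR defaults
# to the live sysctl tree. Returns 0 if none are enabled, 1 if at least one
# is, 2 if the tree does not exist.
ipv6_enabled_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    [ -d "$conf_dir" ] || return 2
    enabled=0
    for f in "$conf_dir"/*/disable_ipv6; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "1" ]; then
            basename "$(dirname "$f")"
            enabled=1
        fi
    done
    return "$enabled"
}

# mcast_drop_review
# Read `ip6tables -S INPUT` output on stdin. Succeeds only if the ff00::/8
# DROP rule is present; because -A appends, any ACCEPT rule listed before it
# is evaluated first, so those rules are printed for review.
mcast_drop_review() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            if ($0 ~ /-d ff00::\/8/ && $0 ~ /-j DROP$/) { found = 1; exit }
            if ($0 ~ /-j ACCEPT/) early = early "earlier ACCEPT: " $0 "\n"
        }
        END { if (found) printf "%s", early; exit(found ? 0 : 1) }
    '
}

# Demo on constructed data (not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/all" "$demo/eth0"
echo 1 > "$demo/all/disable_ipv6"
echo 0 > "$demo/eth0/disable_ipv6"
ipv6_enabled_ifaces "$demo" || echo "^ IPv6 still enabled on these interfaces"
printf '%s\n' '-A INPUT -p ipv6-icmp -j ACCEPT' '-A INPUT -d ff00::/8 -j DROP' |
    mcast_drop_review && echo "drop rule present; review the rules listed above"
rm -rf "$demo"
```

On a live host, call `ipv6_enabled_ifaces` with no argument and pipe `ip6tables -S INPUT` into `mcast_drop_review`.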
🧯 If You Can't Patch
- Disable IPv6 completely if not needed
- Implement strict network segmentation to limit multicast traffic exposure
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisories. Vulnerable if running kernel without the fix commits.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to one containing the fix commits. Check with: uname -r and compare with patched versions from distribution.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- System crash/reboot logs
- IPv6 multicast-related errors
Network Indicators:
- Unusual IPv6 multicast traffic patterns
- Spike in IPv6 multicast packets to target systems
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="kernel"
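A local equivalent of the SIEM query for hosts without log forwarding, as an added example that is not part of the original advisory. It groups the query's three strings into crash reports and marks a report as MLD-related when `mld_del_delrec`, the function this page names, appears inside it; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: local triage of kernel log text for the indicators above.

# triage_klog [WINDOW]
# Read kernel log lines on stdin (for instance from `dmesg` or `journalctl -k`).
# A line containing one of the SIEM query's strings opens a crash report;
# further matches within WINDOW lines (default 40) belong to the same report.
# A report is counted as MLD-related if mld_del_delrec appears inside it.
# Prints "crashes=<n> mld_related=<n>"; returns 0 if clean, 1 if crashes
# were found, 2 if at least one of them names mld_del_delrec.
triage_klog() {
    awk -v window="${1:-40}" '
        {
            hit = ($0 ~ /panic|Oops|general protection fault/)
            inrep = (start && NR - start <= window)
            if (hit && !inrep) { start = NR; crashes++; tagged = 0; inrep = 1 }
            if (inrep && !tagged && $0 ~ /mld_del_delrec/) { mld++; tagged = 1 }
        }
        END {
            printf "crashes=%d mld_related=%d\n", crashes, mld
            exit(mld ? 2 : (crashes ? 1 : 0))
        }
    '
}

# Constructed sample lines (not captured from a real crash).
sample_klog() {
    cat <<'EOF'
[  101.000001] eth0: link becomes ready
[  245.310002] Oops: general protection fault (constructed sample)
[  245.310090] Call Trace:
[  245.310120]  mld_del_delrec+0x0/0x0
[  245.310400] Kernel panic - not syncing: Fatal exception
[  900.000000] Oops: unrelated fault (constructed sample)
[  900.000100]  some_other_function+0x0/0x0
EOF
}

sample_klog | triage_klog 3 || true   # prints: crashes=2 mld_related=1
```

A match on the function name is a reason to prioritise the host for patching, not proof that this specific bug was hit.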
🔗 References
- https://git.kernel.org/stable/c/5f18e0130194550dff734e155029ae734378b5ea
- https://git.kernel.org/stable/c/6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806
- https://git.kernel.org/stable/c/728db00a14cacb37f36e9382ab5fad55caf890cc
- https://git.kernel.org/stable/c/7929d27c747eafe8fca3eecd74a334503ee4c839
- https://git.kernel.org/stable/c/ae3264a25a4635531264728859dbe9c659fad554
- https://git.kernel.org/stable/c/dcbc346f50a009d8b7f4e330f9f2e22d6442fa26
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html