CVE-2025-38572

7.8 HIGH

📋 TL;DR

A bug in the Linux kernel's IPv6 Generic Segmentation Offload (GSO) path, ipv6_gso_segment(), lets a packet with an extremely long chain of IPv6 extension headers push the transport-header offset past what the 16-bit skb->transport_header field can hold. The offset silently wraps, so later segmentation code works with a transport header that points to the wrong place in the packet buffer; the observed result is a kernel warning or crash (denial of service). The issue was reported by syzbot and is fixed by rejecting such packets before the bad offset is stored. It affects Linux systems that segment IPv6 GSO packets in software; who can feed such packets to that path depends on the host's role, so the "remote, unauthenticated" exposure stated on this page should be read with the notes under Risk below.
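The following is an added example, not code from the page or from the kernel: a small userspace model of the bug. skb->transport_header is a 16-bit offset from skb->head, so an unchecked store of an offset above 65535 wraps; the "careful" reset below is modelled on the check the fix introduces and refuses such offsets instead. The struct layout, sizes and function names are assumptions chosen for illustration, not the kernel's own API.

```c
/* Added example (not from the page or the kernel): a userspace model of
 * the bug.  skb->transport_header is a 16-bit offset from skb->head; if
 * the IPv6 extension-header chain pushes the transport header past 65535
 * bytes, an unchecked store wraps.  Struct and function names below are
 * assumptions modelled on the kernel's fields and on the "careful" reset
 * the fix introduces, not the kernel's own API. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

struct model_skb {
    size_t   headroom;          /* bytes reserved before the MAC header */
    size_t   mac_len;           /* Ethernet header, 14 bytes */
    size_t   ipv6_hdr_len;      /* fixed IPv6 header, 40 bytes */
    size_t   ext_hdr_len;       /* total length of the extension-header chain */
    uint16_t network_header;    /* 16-bit offset from head, as in the kernel */
    uint16_t transport_header;  /* 16-bit offset from head, as in the kernel */
};

static struct model_skb make_skb(size_t ext_hdr_len)
{
    struct model_skb skb = { .headroom = 64, .mac_len = 14,
                             .ipv6_hdr_len = 40, .ext_hdr_len = ext_hdr_len };
    skb.network_header = (uint16_t)(skb.headroom + skb.mac_len);
    skb.transport_header = 0;
    return skb;
}

/* Where the transport header really is, as a full-width offset. */
static size_t transport_offset(const struct model_skb *skb)
{
    return skb->headroom + skb->mac_len + skb->ipv6_hdr_len + skb->ext_hdr_len;
}

/* Pre-fix behaviour: the offset is truncated to 16 bits with no check. */
static void reset_transport_header_unchecked(struct model_skb *skb)
{
    skb->transport_header = (uint16_t)transport_offset(skb);
}

/* Post-fix behaviour, modelled on the fix: refuse offsets that would wrap,
 * so the caller drops the skb instead of continuing with a bad offset.
 * Returns 0 on success, -1 when the packet must be rejected. */
static int reset_transport_header_careful(struct model_skb *skb)
{
    size_t off = transport_offset(skb);
    if (off > UINT16_MAX)
        return -1;
    skb->transport_header = (uint16_t)off;
    return 0;
}

/* A sane transport header lies after the fixed IPv6 header.  A wrapped
 * one points back before it, into bytes later code never expects. */
static int transport_header_is_sane(const struct model_skb *skb)
{
    return skb->transport_header >= skb->network_header + skb->ipv6_hdr_len;
}

/* Helpers exercising the two code paths for a given chain length. */
static uint16_t stored_offset_unchecked(size_t ext_hdr_len)
{
    struct model_skb skb = make_skb(ext_hdr_len);
    reset_transport_header_unchecked(&skb);
    return skb.transport_header;
}

static int sane_after_unchecked(size_t ext_hdr_len)
{
    struct model_skb skb = make_skb(ext_hdr_len);
    reset_transport_header_unchecked(&skb);
    return transport_header_is_sane(&skb);
}

static int careful_result(size_t ext_hdr_len)
{
    struct model_skb skb = make_skb(ext_hdr_len);
    return reset_transport_header_careful(&skb);
}

int main(void)
{
    /* Constructed inputs: an ordinary packet with one 8-byte extension
     * header, and a syzbot-style one whose chain is close to 64 KiB. */
    size_t lens[] = { 8, 65500 };
    for (size_t i = 0; i < 2; i++) {
        struct model_skb skb = make_skb(lens[i]);
        printf("ext_hdr_len=%zu real offset=%zu stored=%u sane=%d careful=%s\n",
               lens[i], transport_offset(&skb), stored_offset_unchecked(lens[i]),
               sane_after_unchecked(lens[i]),
               careful_result(lens[i]) ? "rejected" : "accepted");
    }
    return 0;
}
```

With the 65500-byte chain the real offset is 65618, the unchecked store keeps only 82, which lies before the IPv6 header it is supposed to follow; the careful variant rejects the packet before that inconsistent state exists, which is the whole of the fix in miniature.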

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel releases before the fix landed in mainline and in the stable branches listed under Official Fix; the first fixed package version varies by distribution, so check your vendor's advisory
Operating Systems: All Linux distributions shipping an unfixed kernel
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the kernel to segment IPv6 packets in software (the ipv6_gso_segment() path). IPv6 and GSO are enabled by default on essentially all modern distributions; hosts that forward traffic for guests or containers (hypervisors, container hosts, routers) are the most likely to have oversized GSO frames handed to them.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic and denial of service. Because the wrapped offset makes later segmentation code locate the transport header at the wrong place in the buffer, memory-safety consequences beyond a crash cannot be ruled out, but none are documented for this CVE and no privilege-escalation chain is known.

🟠

Likely Case

System crash or kernel panic causing denial of service on affected systems.

🟢

If Mitigated

Minimal impact on patched systems. Disabling IPv6 or GSO narrows exposure but does not remove the vulnerable code path (see the workaround caveats below), so it is a stopgap rather than a fix.

🌐 Internet-Facing: HIGH (as rated here) - the page treats this as reachable by unauthenticated remote senders. In practice the vulnerable code runs when the kernel has to segment an oversized IPv6 skb in software, for example one injected with a virtio-net header through a tun/tap device or packet socket, or GRO-aggregated traffic that is then forwarded; how reachable that is from the Internet depends on the host's role.
🏢 Internal Only: MEDIUM - an attacker on an adjacent network, or inside a VM or container that can hand the host GSO frames (virtio-net through vhost/tap), can reach the same path without any credentials on the host.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Simple packet crafting required

The vulnerability was found by syzbot with a reproducer, so the crash is reliably reproducible from the fuzzer's vantage point (local injection of a crafted skb). That says nothing about code execution; the only demonstrated outcome is a kernel warning or crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 09ff062b89d8e48165247d677d1ca23d6d607e9b, 3f638e0b28bde7c3354a0df938ab3a96739455d1, 5489e7fc6f8be3062f8cb7e49406de4bfd94db67, 573b8250fc2554761db3bc2bbdbab23789d52d4e, or 5dc60b2a00ed7629214ac0c48e43f40af2078703

Vendor Advisory: https://git.kernel.org/stable/c/09ff062b89d8e48165247d677d1ca23d6d607e9b

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version that contains the fix.
2. On distributions, update the kernel package with the package manager (apt/yum/dnf).
3. Reboot so the new kernel is loaded; the fix is in the running kernel, not in a userspace component.

🔧 Temporary Workarounds

Disable IPv6

linux

Disable IPv6 on all interfaces. This stops the stack from accepting or generating IPv6 traffic on those interfaces, which removes the common ways of reaching ipv6_gso_segment(); it does not unregister the GSO offload callbacks themselves, so treat it as exposure reduction, not a guarantee. Use a sysctl.d drop-in rather than appending to /etc/sysctl.conf so the change is idempotent and survives re-runs:

cat > /etc/sysctl.d/99-disable-ipv6.conf <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
sysctl --system

Disable GSO for IPv6

linux

Turn off segmentation and receive offloads on the interface. Note that ethtool features are per interface and not IPv6-specific, and that turning GSO off on the egress device does not remove the software segmentation path: an skb that arrives already marked as GSO (from tun/tap, virtio-net or GRO on another interface) is still split in software before transmit, so this workaround mostly helps by disabling GRO and by keeping the host's own sockets from building large segments. Repeat for every interface that carries untrusted traffic:

ethtool -K <interface> gso off
ethtool -K <interface> gro off
ethtool -K <interface> tso off

🧯 If You Can't Patch

  • Filter IPv6 packets with unusual extension-header chains at the network edge. Most firewalls cannot sum the chain length, but nftables can match on the presence of individual header types (its exthdr expression), so dropping hop-by-hop, destination-options or routing headers that your traffic does not need is a practical approximation.
  • Restrict IPv6 traffic to trusted sources, and on hypervisors and container hosts treat guest-originated traffic as untrusted input to the host kernel.

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel version with the fixed versions in your distribution's security advisory. The commit IDs listed under Official Fix are the authoritative marker; distribution kernels backport the fix, so a version number alone does not tell you whether it is present.

Check Version:

uname -r

Verify Fix Applied:

After updating and rebooting, confirm that uname -r reports the fixed version and that the kernel package changelog (rpm -q --changelog on RPM systems, apt changelog on Debian-based ones) references CVE-2025-38572 or one of the fix commits. Do not verify by sending crafted packets to production hosts; the only observable outcome of a successful test is a crash.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • System crash/reboot logs
  • Network interface errors

Network Indicators:

  • Unusual IPv6 packets with many extension headers
  • Oversized IPv6 frames, or GSO-marked frames from tun/tap or virtio guests, carrying hundreds or thousands of bytes of extension headers ahead of the transport header
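As an added example (not from the page or the kernel), here is the extension-header chain walker that the network indicator above and the "filter packets with excessive extension headers" advice both call for: it follows Next Header values through hop-by-hop, routing, fragment, AH and destination-options headers, sums their length, and flags a packet whose chain is abnormally long or runs past the end of the buffer. The packets are constructed in the file and the 512-byte alert threshold is an assumption, not a value from the page.

```c
/* Added example, not from the page or the kernel: a walker for the IPv6
 * extension-header chain, of the kind a packet filter or IDS rule would use
 * to flag packets whose chain is abnormally long.  The packets are
 * constructed below and the alert threshold is an assumption. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define IPV6_HDR_LEN 40

/* Next Header values that matter for walking the chain. */
enum { NH_HOPOPTS = 0, NH_UDP = 17, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_DSTOPTS = 60 };

/* Policy threshold (assumed, not from the page): legitimate traffic
 * rarely carries more than a few dozen bytes of extension headers. */
#define EXT_CHAIN_ALERT_BYTES 512

/* Walk the chain of a raw IPv6 packet.  Returns the number of bytes of
 * extension headers between the fixed header and the transport header and
 * stores the transport protocol in *transport; returns -1 if the chain
 * runs past the buffer (truncated or malformed packet). */
static long ipv6_ext_chain_len(const uint8_t *pkt, size_t len, uint8_t *transport)
{
    if (len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];                 /* Next Header of the fixed header */
    size_t off = IPV6_HDR_LEN;
    for (;;) {
        size_t hlen;
        switch (nh) {
        case NH_HOPOPTS: case NH_ROUTING: case NH_DSTOPTS:
            if (off + 2 > len) return -1;
            hlen = ((size_t)pkt[off + 1] + 1) * 8;   /* Hdr Ext Len: 8-octet units, first 8 not counted */
            break;
        case NH_FRAGMENT:
            hlen = 8;                                /* fixed-size header */
            break;
        case NH_AH:
            if (off + 2 > len) return -1;
            hlen = ((size_t)pkt[off + 1] + 2) * 4;   /* AH Payload Len: 4-octet units minus 2 */
            break;
        default:                                     /* transport header or No Next Header */
            *transport = nh;
            return (long)(off - IPV6_HDR_LEN);
        }
        if (off + hlen > len) return -1;
        nh = pkt[off];                               /* every extension header starts with Next Header */
        off += hlen;
    }
}

/* Suspicious = chain longer than the threshold, or malformed. */
static int ipv6_ext_chain_suspicious(const uint8_t *pkt, size_t len)
{
    uint8_t transport;
    long n = ipv6_ext_chain_len(pkt, len, &transport);
    return n < 0 || n > EXT_CHAIN_ALERT_BYTES;
}

/* Constructed packet: fixed header, `count` Destination Options headers of
 * `units` 8-octet blocks each (zero bytes are valid Pad1 options), then a
 * UDP header.  Returns the length written, 0 if it does not fit. */
static size_t build_packet(uint8_t *buf, size_t cap, unsigned count, unsigned units)
{
    size_t each = (size_t)units * 8, need = IPV6_HDR_LEN + count * each + 8;
    if (units < 1 || units > 256 || need > cap || need - IPV6_HDR_LEN > 0xffff)
        return 0;
    memset(buf, 0, need);
    buf[0] = 0x60;                                   /* version 6 */
    buf[4] = (uint8_t)((need - IPV6_HDR_LEN) >> 8);  /* Payload Length */
    buf[5] = (uint8_t)((need - IPV6_HDR_LEN) & 0xff);
    buf[6] = count ? NH_DSTOPTS : NH_UDP;
    size_t off = IPV6_HDR_LEN;
    for (unsigned i = 0; i < count; i++, off += each) {
        buf[off] = (i + 1 < count) ? NH_DSTOPTS : NH_UDP;
        buf[off + 1] = (uint8_t)(units - 1);         /* Hdr Ext Len */
    }
    return need;
}

/* Build a packet, optionally truncate it, and hand it to the walker.
 * Both helpers return -2 if the packet could not be built. */
static const uint8_t *demo_packet(unsigned count, unsigned units, size_t truncate_to, size_t *len)
{
    static uint8_t buf[70000];
    size_t n = build_packet(buf, sizeof buf, count, units);
    if (!n) return NULL;
    if (truncate_to && truncate_to < n) n = truncate_to;
    *len = n;
    return buf;
}

static long demo_chain_len(unsigned count, unsigned units, size_t truncate_to)
{
    size_t n; uint8_t t;
    const uint8_t *p = demo_packet(count, units, truncate_to, &n);
    return p ? ipv6_ext_chain_len(p, n, &t) : -2;
}

static int demo_suspicious(unsigned count, unsigned units, size_t truncate_to)
{
    size_t n;
    const uint8_t *p = demo_packet(count, units, truncate_to, &n);
    return p ? ipv6_ext_chain_suspicious(p, n) : -2;
}

int main(void)
{
    printf("one 8-byte DstOpts:       chain=%ld suspicious=%d\n",
           demo_chain_len(1, 1, 0), demo_suspicious(1, 1, 0));
    printf("31 x 2048-byte DstOpts:   chain=%ld suspicious=%d\n",
           demo_chain_len(31, 256, 0), demo_suspicious(31, 256, 0));
    printf("same, truncated to 100 B: chain=%ld suspicious=%d\n",
           demo_chain_len(31, 256, 100), demo_suspicious(31, 256, 100));
    return 0;
}
```

The second packet is the shape this CVE is about: 31 maximum-size destination-options headers give 63488 bytes of chain, enough to push a transport-header offset past 16 bits once headroom and the Ethernet and IPv6 headers are added. A single on-wire IPv6 packet is capped by its 16-bit Payload Length, which is why the builder refuses larger chains; GSO skbs built from virtio or GRO are not bound by that field, which is where the kernel-side check matters.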

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("ipv6" OR "GSO" OR "transport_header")
