CVE-2025-38588
📋 TL;DR
A race condition vulnerability in the Linux kernel's IPv6 routing subsystem can cause an infinite loop in the rt6_nlmsg_size() function when reading RCU-protected linked lists. This affects all Linux systems with IPv6 enabled, potentially leading to denial of service. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker triggers infinite loop causing kernel panic and system crash, resulting in complete denial of service.
Likely Case
Local user or process inadvertently triggers the condition causing system instability or temporary unresponsiveness until reboot.
If Mitigated
With proper access controls, only authorized users can trigger the condition, limiting impact to specific services.
🎯 Exploit Status
Requires local access and timing conditions to trigger the race condition. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 3c13db3e47e1, 46aeb66e9e54, 54e6fe9dd3b0, 6d345136c9b8, cd8d8bbd9ced
Vendor Advisory: https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. For custom kernels, apply the relevant patch from kernel.org.
3. Recompile and install the kernel.
4. Reboot into the new kernel.
🔧 Temporary Workarounds
Disable IPv6
Completely disable IPv6 networking to prevent the vulnerable code path from being executed
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p
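Appending with `>>` adds duplicate lines on every run and does not override an earlier `= 0` entry for the same key. The script below is an added example, not part of the original advisory: it writes the same two settings idempotently and then lists any interface whose `disable_ipv6` value is still not 1. The `--apply` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent form of the workaround plus a per-interface check.

# Rewrite the sysctl file so each of the two keys appears exactly once, set to 1.
persist_disable_ipv6() {
    conf_file=$1
    tmp=$(mktemp) || return 1
    [ -f "$conf_file" ] || : > "$conf_file"
    # Drop any earlier setting of the two keys (including a conflicting "= 0").
    grep -Ev '^[[:space:]]*net\.ipv6\.conf\.(all|default)\.disable_ipv6[[:space:]]*=' \
        "$conf_file" > "$tmp" || true
    printf '%s\n' 'net.ipv6.conf.all.disable_ipv6 = 1' \
                  'net.ipv6.conf.default.disable_ipv6 = 1' >> "$tmp"
    cat "$tmp" > "$conf_file"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Print every entry under the conf directory whose disable_ipv6 is not 1.
# $1: directory to inspect, defaults to the live /proc tree (read-only).
ipv6_enabled_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    for f in "$conf_dir"/*/disable_ipv6; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Only touch the system when explicitly asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    persist_disable_ipv6 /etc/sysctl.conf
    sysctl -p
fi

# Report: empty output means IPv6 is disabled on every listed interface.
ipv6_enabled_ifaces
```
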
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor system logs for kernel panics or unusual process behavior
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from kernel.org. Vulnerable if running unpatched kernel with IPv6 enabled.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes one of the fix commits: 3c13db3e47e1, 46aeb66e9e54, 54e6fe9dd3b0, 6d345136c9b8, or cd8d8bbd9ced
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System hangs or unresponsiveness
- High CPU usage by kernel processes
Network Indicators:
- Sudden loss of IPv6 connectivity
- Unusual routing table changes
SIEM Query:
source="kernel" AND ("panic" OR "hung" OR "soft lockup") AND process="rt6_nlmsg_size"
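In kernel logs the function name shows up on the RIP or call-trace lines that follow a lockup report, not on the report line itself, so the two have to be correlated across lines. The following is an added example, not part of the original advisory: it scans kernel log text for soft lockup reports (and RCU stall reports, an assumption of this example) followed within a line window by `rt6_nlmsg_size`. The sample log lines are constructed and the 40-line default window is an assumption.

```shell
#!/bin/sh
# Added example: correlate lockup/stall reports with rt6_nlmsg_size in the
# trace lines that follow them. Reads kernel log text on stdin.

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[ 1021.100001] watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [ip:4312]
[ 1021.100010] CPU: 2 PID: 4312 Comm: ip Not tainted
[ 1021.100020] RIP: 0010:rt6_nlmsg_size+0x5c/0x110
[ 1021.100030] Call Trace:
[ 1021.100040]  inet6_rt_notify+0x4e/0x130
[ 2044.200001] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:88]
[ 2044.200010] RIP: 0010:unrelated_fn+0x10/0x40
[ 2044.200020] Call Trace:
EOF
}

# $1: number of lines after a report header to search (default 40).
# Prints each matching report header followed by the indented trace line.
find_rt6_lockups() {
    awk -v window="${1:-40}" '
        # A new report header opens (or restarts) the search window.
        /soft lockup|rcu.*detected stall/ { header = $0; left = window; next }
        left > 0 {
            left--
            if ($0 ~ /rt6_nlmsg_size/) {
                print header
                print "    " $0
                left = 0      # one hit per report is enough
            }
        }
    '
}

# Demo on the constructed sample; on a live host feed it `journalctl -k` or `dmesg`.
sample_log | find_rt6_lockups
```
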
🔗 References
- https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
- https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
- https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da
- https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
- https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
- https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html