Linux Kernel Local Vulnerability in af_packet Module by Vendor
CVE-2025-38150

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38150?

A local vulnerability exists within the Linux kernel's af_packet module due to improper handling of context during the modification of multicast lists associated with network devices. Specifically, operations intended to modify the multicast list can lead to a state where a sleeping function is improperly called from an invalid context. This mismanagement occurs when calling PACKET_ADD_MEMBERSHIP on an operations-locked device, potentially resulting in disruptions to network device functionalities such as disabling promiscuous mode or allmulti mode. The vulnerability affects the integrity and stability of network operations, highlighting the necessity for secure management of device states and locking mechanisms.

Affected Version(s)

Linux ad7c7b2172c388818a111455643491d75f535e90 < 2dd4781c5af99415ebbd2f7cc763feb109863c05

Linux ad7c7b2172c388818a111455643491d75f535e90

Linux 6.15

References

https://git.kernel.org/stable/c/2dd4781c5af99415ebbd2f7cc...

https://git.kernel.org/stable/c/d8d85ef0a631df9127f202e63...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025