Kernel Vulnerability in Linux Affecting Network Packet Processing
CVE-2025-38192

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2025

What is CVE-2025-38192?

A vulnerability in the Linux kernel allows an improperly configured NAT46 BPF program to crash the kernel by mishandling the conversion of ingress packets from IPv4 to IPv6. When a multicast socket attempts to loop back a packet, the destination (dst) entry attached to the packet remains linked to the original IPv4 protocol after conversion, which can lead to a null pointer dereference during packet processing. Mitigating the flaw depends on how the BPF helpers handle protocol changes, so that a converted packet does not disrupt network operations.

Affected Version(s)

Linux 6578171a7ff0c31dc73258f93da7407510abf085

Linux 6578171a7ff0c31dc73258f93da7407510abf085 < 2a3ad42a57b43145839f2f233fb562247658a6d9

Linux 6578171a7ff0c31dc73258f93da7407510abf085

Timeline

  • Vulnerability published

  • Vulnerability Reserved
