Vulnerability in Linux Kernel MPLS Implementation Affecting Various Distributions
CVE-2025-38324

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-38324?

A key vulnerability has been identified in the Linux Kernel related to the multiprotocol label switching (MPLS) implementation. The issue arises in the function 'mpls_route_input_rcu()', which can be invoked from 'mpls_getroute()'. The data structure 'net->mpls.platform_label' is only modified while holding the RTNL lock. As a preventive measure, the use of 'rcu_dereference_rtnl()' is now implemented within 'mpls_route_input_rcu()' to mitigate potential race conditions, silencing associated warnings and ensuring better synchronization in a multitasking environment.

Affected Version(s)

Linux 0189197f441602acdca3f97750d392a895b778fd < 2919297b18e5a5fb7e643f9e32c12c0b17cce1be

Linux 0189197f441602acdca3f97750d392a895b778fd < 36af82f25fbdcd719eb947c15ea874bf80bcf229

Linux 0189197f441602acdca3f97750d392a895b778fd

References

https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e3...

https://git.kernel.org/stable/c/36af82f25fbdcd719eb947c15...

https://git.kernel.org/stable/c/d8cd847fb8626872631cc22d4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 16, 2025