Unaffected Ethernet Header Vulnerability in Linux Kernel Netfilter Products
CVE-2025-38441

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38441?

A vulnerability in the Linux kernel's netfilter module allows for potential access to uninitialized values in the nf_flow_pppoe_proto function, which processes Ethernet headers incorrectly. This issue arises from a missing operation that fails to account for the Ethernet header in the flow table, leading to security risks. Exploitation may allow malicious actors to access uninitialized memory, potentially leading to information disclosure or other unintended behavior within the kernel networking stack.

Affected Version(s)

Linux d06977b9a4109f8738bb276125eb6a0b772bc433

Linux 8bf7c76a2a207ca2b4cfda0a279192adf27678d7

Linux a2471d271042ea18e8a6babc132a8716bb2f08b9 < 9fbc49429a23b02595ba82536c5ea425fdabb221

References

https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa...

https://git.kernel.org/stable/c/eed8960b289327235185b7c32...

https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025