Use-After-Free Vulnerability in Linux Kernel Affecting IPv6 RPL Component
CVE-2025-38476

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38476?

A critical use-after-free vulnerability has been identified in the IPv6 RPL component of the Linux Kernel. The flaw occurs in the function rpl_do_srh_inline(), where it attempts to access an IPv6 header after the associated socket buffer may have been freed, leading to potential exploitation scenarios. This vulnerability can affect the stability of the system, resulting in erroneous behavior when handling network packets. To mitigate this risk, a fix has been implemented by converting the header into a local structure rather than a pointer, ensuring proper memory management and enhancing system reliability.

Affected Version(s)

Linux a7a29f9c361f8542604ef959ae6627f423b7a412

Linux a7a29f9c361f8542604ef959ae6627f423b7a412 < 62dcd9d6e61c39122d2f251a26829e2e55b0a11d

Linux a7a29f9c361f8542604ef959ae6627f423b7a412 < 06ec83b6c792fde1f710c1de3e836da6e257c4c4

References

https://git.kernel.org/stable/c/e8101506ab86dd78f823b7028...

https://git.kernel.org/stable/c/62dcd9d6e61c39122d2f251a2...

https://git.kernel.org/stable/c/06ec83b6c792fde1f710c1de3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025