Linux Kernel Vulnerability in MPTCP Implementation by Linux Foundation
CVE-2025-38491
What is CVE-2025-38491?
A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation can lead to improper handling of fallback actions and decisions. The issue was reported by syzkaller and indicates potential instability under certain network conditions. It occurs when MPTCP attempts to switch to a fallback mode without ensuring that the actions involved are atomic, which can cause undesired behavior during network operations. Affected kernel versions require immediate updates to mitigate the potential security risks associated with this flaw.
Affected Version(s)
Linux 0530020a7c8f2204e784f0dbdc882bbd961fdbde < 54999dea879fecb761225e28f274b40662918c30
Linux 0530020a7c8f2204e784f0dbdc882bbd961fdbde < 1d82a8fe6ee4afdc92f4e8808c9dad2a6095bbc5
Linux 0530020a7c8f2204e784f0dbdc882bbd961fdbde