Race Condition Vulnerability in Linux Kernel's RXRPC Socket Handling
CVE-2025-38524

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
16 August 2025

What is CVE-2025-38524?

The Linux kernel's RXRPC subsystem has a race condition that arises when a call receives an event while it is being processed. A second thread can then improperly access and manage calls on the socket's queue, potentially leading to an unexpected state and system instability. The fix ensures that calls are dequeued properly and prevents subsequent operations on already released calls, which improves the stability and security of RXRPC socket operations and mitigates the risk of race condition exploits.

Affected Version(s)

Linux 248f219cb8bcbfbd7f132752d44afa2df7c241d1 < 7692bde890061797f3dece0148d7859e85c55778

Linux 248f219cb8bcbfbd7f132752d44afa2df7c241d1 < 839fe96c15209dc2255c064bb44b636efe04f032

Linux 248f219cb8bcbfbd7f132752d44afa2df7c241d1 < 6c75a97a32a5fa2060c3dd30207e63b6914b606d

Timeline

  • Vulnerability published

  • Vulnerability Reserved
