Linux Kernel Vulnerability in RXRPC Functionality by Kernel.org
CVE-2025-38525

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 August 2025

What is CVE-2025-38525?

A vulnerability in the Linux kernel's RXRPC functionality stems from improper handling of interrupts while MTU sizes are assessed for incoming calls. The rxrpc_assess_MTU_size() function is called from within rxrpc_new_incoming_call() with interrupts disabled, which can lead to inconsistencies. A warning is triggered when the IP layer then attempts to enable local bottom halves while interrupts are still disabled. The fix relocates the call to rxrpc_assess_MTU_size() so that it runs without interrupts disabled, improving stability.

Affected Version(s)

Linux a2ea9a9072607c2fd6442bd1ffb4dbdbf882aed7 < 2029f21f10dedb88c0f86abffcf8d6c21dcf6040

Linux a2ea9a9072607c2fd6442bd1ffb4dbdbf882aed7

Linux 6.14

Timeline

  • Vulnerability published

  • Vulnerability Reserved
