Linux Kernel Vulnerability in AF_RXRPC Preallocation Handling
CVE-2025-38544

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38544?

A flaw exists in the Linux kernel's AF_RXRPC mechanism, where incorrect handling during the preallocation of incoming calls can lead to issues in call ID management. When a server uses AF_RXRPC to process calls, it preallocates call IDs, which must not collide with currently in-use IDs. In the event of an error during this process, the cleanup functions may not mark the call as complete or released, causing instability in call handling and potentially revealing details of the state of these calls. This vulnerability can affect the robustness of server communication frameworks relying on AF_RXRPC.

Affected Version(s)

Linux 00e907127e6f86d0f9b122d9b4347a8aa09a8b61 < 432c5363cd6fe5a928bbc94524d28b05515684dd

Linux 00e907127e6f86d0f9b122d9b4347a8aa09a8b61 < 5385ad53793de2ab11e396bdcdaa65bb04b4dad6

Linux 00e907127e6f86d0f9b122d9b4347a8aa09a8b61

References

https://git.kernel.org/stable/c/432c5363cd6fe5a928bbc9452...

https://git.kernel.org/stable/c/5385ad53793de2ab11e396bdc...

https://git.kernel.org/stable/c/d8ffb47a443919277cb093c3d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025