Linux Kernel Vulnerability in MultiPath TCP Subflow Management
CVE-2025-38552

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 16 August 2025

What is CVE-2025-38552?

A race condition in the Linux kernel affects the management of MultiPath Transmission Control Protocol (MPTCP) subflows and can lead to instability during socket operations. The race arises when a subflow fails at the same time as new subflows are being created. The fix introduces a dedicated flag, protected by the fallback lock, that enforces the socket state and prevents unnecessary subflow creation. This makes MPTCP more robust and keeps socket operations stable under these race conditions.
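The pattern described above, as an added user-space illustration that is not the kernel patch or any code from the Linux project: a flag written only under one lock, with the creation path doing its check and its attach inside the same critical section. All names (`struct conn`, `no_new_subflows`, `conn_fail`, `add_subflow`) are hypothetical, and the racy ordering is replayed in a single thread so the window is deterministic.

```c
#include <pthread.h>
#include <stdbool.h>
/* User-space model; all names are hypothetical, not kernel identifiers. */
struct conn {
    pthread_mutex_t fallback_lock; /* stands in for the fallback lock */
    bool no_new_subflows;          /* dedicated flag, written only under the lock */
    int subflows;                  /* subflows currently attached */
};
#define CONN_INIT { PTHREAD_MUTEX_INITIALIZER, false, 1 } /* one initial subflow */

/* Failure path: record under the lock that no further subflow may be added. */
void conn_fail(struct conn *c)
{
    pthread_mutex_lock(&c->fallback_lock);
    c->no_new_subflows = true;
    pthread_mutex_unlock(&c->fallback_lock);
}

/* Fixed creation path: the check and the attach are one critical section. */
bool add_subflow(struct conn *c)
{
    pthread_mutex_lock(&c->fallback_lock);
    bool ok = !c->no_new_subflows;
    if (ok)
        c->subflows++;
    pthread_mutex_unlock(&c->fallback_lock);
    return ok;
}

/* Racy ordering: returns the number of subflows attached after the failure. */
int demo_racy(void)
{
    struct conn c = CONN_INIT;
    bool ok = !c.no_new_subflows;  /* check made without the lock */
    conn_fail(&c);                 /* failure lands inside the window */
    int before = c.subflows;
    if (ok)
        c.subflows++;              /* acts on a decision that is now stale */
    return c.subflows - before;
}

/* Locked path: returns the final subflow count, or -1 on unexpected results. */
int demo_fixed(void)
{
    struct conn c = CONN_INIT;
    bool first = add_subflow(&c);  /* before the failure: allowed */
    conn_fail(&c);
    bool second = add_subflow(&c); /* after the failure: refused */
    return (first && !second) ? c.subflows : -1;
}
```

In the racy ordering one subflow is attached after the failure was recorded; on the locked path the second attach is refused and the count stays at two.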

Affected Version(s)

Linux 478d770008b03ed9d74bdc8add2315b7fd124ecc < 7c96d519ee15a130842a6513530b4d20acd2bfcd

Linux 478d770008b03ed9d74bdc8add2315b7fd124ecc

Linux 478d770008b03ed9d74bdc8add2315b7fd124ecc < 659da22dee5ff316ba63bdaeeac7b58b5442f6c2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
