Race Condition Vulnerability in Linux Kernel Networking Stack
CVE-2025-38617

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38617?

A race condition exists in the networking stack of the Linux kernel, specifically in the functions packet_set_ring() and packet_notifier(). This flaw allows multiple threads to interact with the network interface during critical locking periods, potentially leading to inconsistent states and unpredictable network behavior. Affected versions need to ensure proper handling of lock management in these functions to prevent unintended interactions during networking events like NETDEV_UP.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7de07705007c7e34995a5599aaab1d23e762d7ca

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 88caf46db8239e6471413d28aabaa6b8bd552805

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/7de07705007c7e34995a5599a...
https://git.kernel.org/stable/c/88caf46db8239e6471413d28a...
https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38617 : Race Condition Vulnerability in Linux Kernel Networking Stack