Linux Kernel Route Notification Vulnerability in IPv6
CVE-2025-38638

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38638?

A flaw in the Linux kernel's handling of IPv6 route notifications allows concurrent modifications of a route, which can lead to incorrect route management. The issue is in the inet6_rt_notify() function, which runs under Read-Copy-Update (RCU) protection: route changes can occur at the same time, potentially resulting in errors such as -EMSGSIZE. The vulnerability has been addressed by adding retry logic that resizes the socket buffer when the error occurs. The fix improves the stability and reliability of IPv6 route changes within the kernel and mitigates the risks associated with concurrent processing.
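
The retry-on-`-EMSGSIZE` pattern described above, as an added user-space model in C (not the kernel's code and not taken from this page). The names `route_notify`, `route_fill` and `grow_once`, the byte sizes, and the "at least double" resize policy are assumptions made for illustration; the `retry` flag switches between the behaviour without and with the retry.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: sizes and names are illustrative, not kernel values. */
enum { HDR_SZ = 32, NH_SZ = 16 };
struct route { size_t nexthops; };               /* may grow concurrently */
typedef void (*race_hook)(struct route *rt, int attempt);

static size_t route_msg_size(const struct route *rt) { return HDR_SZ + rt->nexthops * NH_SZ; }

/* Serialise the route as it is now; fail if the buffer was sized too early. */
static int route_fill(const struct route *rt, unsigned char *buf, size_t cap)
{
    size_t need = route_msg_size(rt);
    if (need > cap) return -EMSGSIZE;
    memset(buf, 0, need);
    return (int)need;
}

/* Returns bytes written or a negative errno; *attempts counts allocations. */
int route_notify(struct route *rt, race_hook hook, int retry, int *attempts)
{
    size_t sz = route_msg_size(rt);              /* size is measured first */
    for (*attempts = 1;; (*attempts)++) {
        unsigned char *buf = malloc(sz);
        if (!buf) return -ENOBUFS;
        if (hook) hook(rt, *attempts);           /* stand-in for a concurrent writer */
        int err = route_fill(rt, buf, sz);
        free(buf);                               /* a real sender would hand buf on */
        if (err != -EMSGSIZE || !retry) return err;
        size_t now = route_msg_size(rt);         /* needed space grew: re-measure */
        sz = now > 2 * sz ? now : 2 * sz;        /* assumed policy: at least double */
    }
}

/* Constructed race: four nexthops appear after the first sizing. */
void grow_once(struct route *rt, int attempt) { if (attempt == 1) rt->nexthops += 4; }

int main(void)
{
    struct route a = { 2 }, b = { 2 }; int n;
    int r = route_notify(&a, grow_once, 0, &n);
    printf("no retry: %d\n", r);
    r = route_notify(&b, grow_once, 1, &n);
    printf("retry:    %d bytes in %d attempts\n", r, n);
    return 0;
}
```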

Affected Version(s)

Linux 169fd62799e8acabbfb4760799be11138ced949c < 0bdca3439a22c70eb8f404acd61bf7aca5d731b0

Linux 169fd62799e8acabbfb4760799be11138ced949c

Linux 6.16

Timeline

  • Vulnerability published

  • Vulnerability Reserved
