Skip to main content

Debian Linux CVE-2025-38617

MEDIUM
Race Condition (CWE-362)
2025-08-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 18, 2026 - 17:37 vuln.today
Patch released
Mar 18, 2026 - 17:37 nvd
Patch available
CVE Published
Aug 22, 2025 - 14:15 nvd
MEDIUM 4.7

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier()

When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event.

This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()").

There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken.

The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

AnalysisAI

A race condition exists in the Linux kernel's packet socket implementation between the packet_set_ring() and packet_notifier() functions, where a temporary lock release allows a NETDEV_UP event to be processed while the socket is in an inconsistent state. This vulnerability affects all Linux kernel versions from 2.6.12 onwards and requires local privilege (non-root user) with moderately high attack complexity to exploit, resulting in a denial of service through resource exhaustion or system crash. The EPSS score of 0.01% indicates extremely low real-world exploitation probability despite the availability of patches and detailed technical analysis from Google security research.

Technical ContextAI

The vulnerability resides in the net/packet subsystem of the Linux kernel, specifically in the synchronization logic between packet_set_ring() and packet_notifier() functions. The root cause is classified as CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization), a classic race condition vulnerability. The packet_set_ring() function temporarily releases the po->bind_lock to perform blocking operations (such as memory allocation), creating a window where packet_notifier() can execute and process NETDEV_UP events. During this window, the socket state becomes inconsistent because po->num (which tracks the socket's active status in the notification handler) is not zeroed. This mirrors a previously-patched race condition fixed by commit 15fe076edea7 in packet_bind(). The fix involves temporarily setting po->num to zero while the lock is released, keeping the socket logically unhooked from the notification system until the lock is retaken and the operation completes.

RemediationAI

Apply the available kernel patches immediately by upgrading to a patched kernel version provided by your distribution. For Debian systems, apply security updates from the debian-lts-announce channels (October 2025 releases). For other distributions, consult vendor security advisories and apply kernel updates that include commits addressing CVE-2025-38617 (patches are available at git.kernel.org/stable/ with the listed commit hashes). If immediate patching is not feasible, restrict packet socket creation through Linux security modules (AppArmor/SELinux) or seccomp policies to limit which users and processes can invoke socket(AF_PACKET, ...) operations, and consider running untrusted workloads in containers with restricted capabilities. Given the low EPSS score, this can be scheduled as part of regular kernel maintenance rather than as an emergency out-of-band patch.

CVE-2025-49113 CRITICAL POC
9.9 Jun 02

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au

CVE-2026-24061 CRITICAL POC
9.8 Jan 21

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain

CVE-2025-32433 CRITICAL POC
10.0 Apr 16

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling

CVE-2017-11610 HIGH POC
8.8 Aug 23

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem

CVE-2015-0235 CRITICAL POC
10.0 Jan 28

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,

CVE-2014-3704 HIGH POC
7.5 Oct 16

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct

CVE-2013-0156 HIGH POC
7.5 Jan 13

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an

CVE-2017-12629 CRITICAL POC
9.8 Oct 14

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi

CVE-2017-14492 CRITICAL POC
9.8 Oct 03

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2014-2323 CRITICAL POC
9.8 Mar 14

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary

CVE-2016-2098 HIGH POC
7.3 Apr 07

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e

CVE-2016-6662 CRITICAL POC
9.8 Sep 20

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.42 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.50 Image SL-Micro Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.73 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.85 Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.1 Affected

Share

CVE-2025-38617 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy