CVE-2025-38248

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel bridge component contains a flaw related to multicast router port configuration. Specifically, when per-VLAN multicast snooping is enabled or disabled, ports can be incorrectly re-added to global or per-VLAN router port lists even after being deleted. This can lead to a use-after-free condition when these lists are traversed, such as when adding new ports. The issue stems from incomplete removal of ports from the relevant router port lists during port or VLAN deletion.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.