CVE-2025-38324

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Linux kernel versions prior to 6.15.0-rc7

Description:

A flaw was discovered in the Linux kernel related to the MPLS (Multiprotocol Label Switching) implementation. Specifically, the mpls route input rcu() function could be called from within an RTNL (Routing Table Network Layer) context without proper synchronization, leading to potential issues. The issue was identified by syzbot, a fuzzing tool, which reported suspicious RCU (Read-Copy-Update) usage. The fix involves using rcu dereference rtnl() in mpls route input rcu() to ensure proper synchronization and prevent potential race conditions.

Recommendations:

Update to a version newer than 6.15.0-rc7 to address this issue.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-64953

BDU:2025-10737

CVE-2025-38324

DLA-4327-1

DLA-4328-1

DSA-5973-1

ECHO-A9F5-52D9-F0AE

MGASA-2025-0218

MGASA-2025-0219

OESA-2025-1923

OESA-2025-1924

OESA-2025-1925

OESA-2025-1926

OESA-2025-1927

OESA-2025-1928

USN-7774-1

USN-7774-2

USN-7774-3

USN-7774-4

USN-7774-5

USN-7775-1

USN-7775-2

USN-7775-3

USN-7776-1

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38324

Name of the Vulnerable Software and Affected Versions:

Description:

Recommendations:

Weakness Enumeration

Related Identifiers

Affected Products

References · 1400