CVE-2025-38440

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between disabling Direct Interrupt Management (DIM) and Network Interrupt callbacks using the DIM pointer on the Receive Queue (RQ) or Send Queue (SQ). If NAPI checks the DIM state bit and it is still set, it assumes rq->dim or sq->dim is valid. However, if DIM is disabled immediately after this check, the pointer may already be set to NULL, leading to a NULL pointer dereference in the net dim() function. This can result in a kernel panic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

BDU:2025-09230

CVE-2025-38440

DSA-5975-1

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_03290-1

SUSE-SU-2025_03382-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38440

Weakness Enumeration

Related Identifiers

Affected Products

References · 1598