PT-2025-33567 · Linux+4 · Linux Kernel+4

Published

2025-07-17

·

Updated

2026-04-20

·

CVE-2025-38524

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A race condition exists in the rxrpc subsystem where a call can be processed by multiple threads concurrently. This occurs when a call is placed on the socket queue and multiple threads attempt to process it before the socket lock is dropped. If the first thread processes the call and it terminates, the call is released, decoupling it from its user call ID. A subsequent thread, blocked on the user mutex, may then encounter an error, leading to a kernel BUG in net/rxrpc/recvmsg.c:474.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

CWE-362

Related Identifiers

AZL-66374
AZL-70451
BDU:2026-06105
CVE-2025-38524
ECHO-961B-4F8C-A885
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu