CVE-2025-38572

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.153-1~deb11u1 Linux kernel versions prior to 5.10.244-1 Linux kernel versions prior to 6.6.105

Description The Linux kernel has several vulnerabilities, including potential privilege escalation, denial of service, and information leaks. A vulnerability exists in the IPv6 implementation where crafted packets with long IPv6 extension headers can cause a buffer overflow in the skb->transport header field. This is addressed by adding a helper function, skb reset transport header careful(). The vulnerability affects multiple kernel versions and has been addressed in recent updates.

Recommendations Upgrade the Linux kernel to version 6.1.153-1~deb11u1 or later. Upgrade the Linux kernel to version 5.10.244-1 or later. Upgrade the Linux kernel to version 6.6.105 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2025:18318

AZL-66527

AZL-73854

BDU:2025-15171

CVE-2025-38572

DLA-4327-1

DLA-4328-1

ECHO-3BB5-C47C-C892

MGASA-2025-0234

MGASA-2025-0235

OESA-2026-1306

OESA-2026-1341

OPENSUSE-SU-2025:20081-1

RHSA-2025:18318

SUSE-SU-2025:03272-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03301-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03602-1

SUSE-SU-2025:03613-1

SUSE-SU-2025:03614-1

SUSE-SU-2025:03615-1

SUSE-SU-2025:03626-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20653-1

SUSE-SU-2025:20669-1

SUSE-SU-2025:20739-1

SUSE-SU-2025:20756-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

SUSE-SU-2025_03272-1

SUSE-SU-2025_03290-1

SUSE-SU-2025_03301-1

SUSE-SU-2025_03382-1

SUSE-SU-2026:0144-1

SUSE-SU-2026:0148-1

SUSE-SU-2026:0154-1

SUSE-SU-2026:0155-1

SUSE-SU-2026:0163-1

SUSE-SU-2026:0166-1

SUSE-SU-2026:0168-1

SUSE-SU-2026:0171-1

SUSE-SU-2026:0173-1

SUSE-SU-2026:0174-1

SUSE-SU-2026:0176-1

SUSE-SU-2026:0180-1

SUSE-SU-2026:0184-1

SUSE-SU-2026:0186-1

SUSE-SU-2026:0187-1

SUSE-SU-2026:0191-1

SUSE-SU-2026:0206-1

SUSE-SU-2026:0246-1

SUSE-SU-2026:0262-1

SUSE-SU-2026:0269-1

SUSE-SU-2026:0270-1

SUSE-SU-2026:0274-1

SUSE-SU-2026:0283-1

SUSE-SU-2026:0284-1

SUSE-SU-2026:20149-1

SUSE-SU-2026:20164-1

SUSE-SU-2026:20169-1

SUSE-SU-2026:20248-1

SUSE-SU-2026:20249-1

SUSE-SU-2026:20250-1

SUSE-SU-2026:20251-1

SUSE-SU-2026:20252-1

SUSE-SU-2026:20253-1

SUSE-SU-2026:20255-1

SUSE-SU-2026:20256-1

SUSE-SU-2026:20257-1

SUSE-SU-2026:20258-1

SUSE-SU-2026:20259-1

SUSE-SU-2026:20265-1

SUSE-SU-2026:20266-1

SUSE-SU-2026:20376-1

SUSE-SU-2026:20377-1

SUSE-SU-2026:20378-1

SUSE-SU-2026:20379-1

SUSE-SU-2026:20380-1

SUSE-SU-2026:20385-1

SUSE-SU-2026:20392-1

SUSE-SU-2026:20393-1

SUSE-SU-2026:20394-1

SUSE-SU-2026:20395-1

SUSE-SU-2026:20396-1

SUSE-SU-2026:20397-1

SUSE-SU-2026:20400-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7934-1

USN-7938-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38572

Weakness Enumeration

Related Identifiers

Affected Products

References · 3984