PT-2025-33787 · Linux+3 · Linux Kernel+3

Kernel Test Robot

Published

2025-07-23

Updated

2026-02-27

CVE-2025-38589

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-01246-gf7f52738637f

Description: A null-pointer dereference issue was identified in the neigh flush dev() function within the Linux kernel. This occurred due to a missing check when using the per-netdev neighbour list, specifically within neigh table clear() when called with a NULL device. The issue was initially reported by the kernel test robot and resulted in a general protection fault.

Recommendations: Update to a version newer than 6.12.0-rc6-01246-gf7f52738637f.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-02847

CVE-2025-38589

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2025-33787 · Linux+3 · Linux Kernel+3

CVE-2025-38589

Weakness Enumeration

Related Identifiers

Affected Products

References · 676