PT-2025-38557 · Linux+4 · Linux Kernel+4
Published: 2025-09-01 · Updated: 2026-05-07 · CVE-2025-39850
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 6.17.0-rc2-virtme-g2a89cb21162c through 6.17.0-rc2-virtmne-g6ee90cb26014
Description
A null pointer dereference (NPD) issue was identified in the vxlan module when using nexthop objects with the "proxy" option enabled. This occurs because the code incorrectly assumes a valid remote destination for FDB entries associated with FDB nexthop groups. Exploitation can be triggered by ARP requests and IPv6 Neighbor Solicitation messages, potentially leading to system instability.
Recommendations
Linux kernel versions prior to 6.17.0-rc2-virtme-g2a89cb21162c and prior to 6.17.0-rc2-virtmne-g6ee90cb26014 should be updated.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu