CVE-2025-38675

EPSS 0.01%
Veröffentlicht 22.08.2025 16:04:12
Zuletzt bearbeitet 25.11.2025 22:05:18
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

xfrm: state: initialize state_ptrs earlier in xfrm_state_find

In case of preemption, xfrm_state_look_at will find a different
pcpu_id and look up states for that other CPU. If we matched a state
for CPU2 in the state_cache while the lookup started on CPU1, we will
jump to "found", but the "best" state that we got will be ignored and
we will enter the "acquire" block. This block uses state_ptrs, which
isn't initialized at this point.

Let's initialize state_ptrs just after taking rcu_read_lock. This will
also prevent a possible misuse in the future, if someone adjusts this
function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.12.13 < 6.12.41

Linux ≫ Linux Kernel Version >= 6.13.2 < 6.15.9

Linux ≫ Linux Kernel Version6.16 Updaterc1

Linux ≫ Linux Kernel Version6.16 Updaterc2

Linux ≫ Linux Kernel Version6.16 Updaterc3

Linux ≫ Linux Kernel Version6.16 Updaterc4

Linux ≫ Linux Kernel Version6.16 Updaterc5

Linux ≫ Linux Kernel Version6.16 Updaterc6

Linux ≫ Linux Kernel Version6.16 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.017

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/6bf2daafc51bcb9272c0fdff2afd38217337d0d3

Patch

https://git.kernel.org/stable/c/463562f9591742be62ddde3b426a0533ed496955

Patch

https://git.kernel.org/stable/c/94d077c331730510d5611b438640a292097341f0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-38675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38675

EUVD