CVE-2025-38440 — Race Condition in Linux

CWE-362 — Race Condition CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition16 documents6 sources

Severity

4.7MEDIUMNVD

OSV3.2

EPSS

0.0%

top 97.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJul 25

Latest updateDec 15

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it assumes `rq->dim` or `sq->dim` is valid. But if DIM gets disabled right after that check, the pointer might already be set to NULL, leading to a NULL pointer dereference in net_dim(). Fix this by calling `synchronize_net…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.10 — 6.12.39+2

▶Debianlinux/linux_kernel< 6.12.41-1+1

▶CVEListV5linux/linux445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68 — 7581afc051542e11ccf3ade68acd01b7fb1a3cde+3

▶debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure, linux-azure-6.14 vulnerabilities↗2025-12-15

▶

OSV

linux-gcp-6.14, linux-raspi vulnerabilities↗2025-12-04

▶

OSV

linux-aws-6.14, linux-oracle-6.14 vulnerabilities↗2025-11-26

▶

OSV

linux-oem-6.14 vulnerabilities↗2025-11-21

▶

OSV

linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime vulnerabilities↗2025-11-21

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-12-15

▶

Ubuntu

Linux kernel vulnerabilities↗2025-12-04

▶

Ubuntu

Linux kernel vulnerabilities↗2025-11-26

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2025-11-21

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2025-11-21

▶