CVE-2025-38617: Race Condition in Linux

Severity
4.7 MEDIUM (NVD)
OSV 7.8, OSV 7.1, OSV 5.5
EPSS
0.1%
top 80.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 22
Latest update: Mar 19

Description

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier()

When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event.

This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had t

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 2.6.13, 5.4.297 | +8
Debian | linux/linux_kernel | < 5.10.244-1 | +3
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 18f13f2a83eb81be349a9757ba2141ff1da9ad73 | +9

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details

40
Kernel
net: fix fanout UAF in packet_release() via NETDEV_UP race (2026-03-19)
OSV
linux-raspi-5.4 vulnerabilities (2025-11-07)
OSV
linux-oracle-5.4 vulnerabilities (2025-10-24)
OSV
linux-aws vulnerabilities (2025-10-21)
OSV
linux-azure-fips vulnerabilities (2025-10-21)

📋 Vendor Advisories

49
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-38617 (2026-02-27)
Ubuntu
Linux kernel (KVM) vulnerabilities (2025-12-15)
Ubuntu
Linux kernel (Oracle) vulnerabilities (2025-11-19)
Ubuntu
Linux kernel (FIPS) vulnerabilities (2025-11-10)
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities (2025-11-07)
CVE-2025-38617 — Race Condition in Linux | cvebase