CVE-2025-38432

net: netpoll: Initialize UDP checksum field before checksumming

Description

In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize UDP checksum field before checksumming commit f1fce08e63fe ("netpoll: Eliminate redundant assignment") removed the initialization of the UDP checksum, which was wrong and broke netpoll IPv6 transmission due to bad checksumming. udph->check needs to be set before calling csum_ipv6_magic().

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/353016ec159f939a380ff6746476a779367ba9a3
https://git.kernel.org/stable/c/f5990207026987a353d5a95204c4d9cb725637fd

Frequently Asked Questions

What is the severity of CVE-2025-38432?
CVE-2025-38432 has not yet been assigned a CVSS score.
How to fix CVE-2025-38432?
To fix CVE-2025-38432, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38432 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38432 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38432?
CVE-2025-38432 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.