CVE-2025-38588

ipv6: prevent infinite loop in rt6_nlmsg_size()

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); } This is because fib6_del_route() and fib6_add_rt2node() uses list_del_rcu(), which can confuse rcu readers, because they might no longer see the head of the list. Restart the loop if f6i->fib6_nsiblings is zero.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da

Frequently Asked Questions

What is the severity of CVE-2025-38588?
CVE-2025-38588 has not yet been assigned a CVSS score.
How to fix CVE-2025-38588?
To fix CVE-2025-38588, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38588 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38588 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38588?
CVE-2025-38588 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.