Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-38588

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-19 Aug, 2025 | 17:03
Updated At-19 Aug, 2025 | 17:03
Rejected At-
Credits

ipv6: prevent infinite loop in rt6_nlmsg_size()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); } This is because fib6_del_route() and fib6_add_rt2node() uses list_del_rcu(), which can confuse rcu readers, because they might no longer see the head of the list. Restart the loop if f6i->fib6_nsiblings is zero.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Aug, 2025 | 17:03
Updated At:19 Aug, 2025 | 17:03
Rejected At:
▼CVE Numbering Authority (CNA)
ipv6: prevent infinite loop in rt6_nlmsg_size()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); } This is because fib6_del_route() and fib6_add_rt2node() uses list_del_rcu(), which can confuse rcu readers, because they might no longer see the head of the list. Restart the loop if f6i->fib6_nsiblings is zero.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ip6_fib.c
  • net/ipv6/route.c
Default Status
unaffected
Versions
Affected
  • From d0ec61c9f3583b76aebdbb271f5c0d3fcccd48b2 before 6d345136c9b875f065d226908a29c25cdf9343f8 (git)
  • From 52da02521ede55fb86546c3fffd9377b3261b91f before e1b7932af47f92432be8303d2439d1bf77b0be23 (git)
  • From 34a949e7a0869dfa31a40416d2a56973fae1807b before cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38 (git)
  • From d9ccb18f83ea2bb654289b6ecf014fd267cc988b before 3c13db3e47e170bab19e574404e7b6be45ea873d (git)
  • From d9ccb18f83ea2bb654289b6ecf014fd267cc988b before 46aeb66e9e54ed0d56c18615e1c3dbd502b327ab (git)
  • From d9ccb18f83ea2bb654289b6ecf014fd267cc988b before 54e6fe9dd3b0e7c481c2228782c9494d653546da (git)
  • 11edcd026012ac18acee0f1514db3ed1b160fc6f (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv6/ip6_fib.c
  • net/ipv6/route.c
Default Status
affected
Versions
Affected
  • 6.13
Unaffected
  • From 0 before 6.13 (semver)
  • From 6.1.148 through 6.1.* (semver)
  • From 6.6.102 through 6.6.* (semver)
  • From 6.12.42 through 6.12.* (semver)
  • From 6.15.10 through 6.15.* (semver)
  • From 6.16.1 through 6.16.* (semver)
  • From 6.17-rc1 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
N/A
https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
N/A
https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
N/A
https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
N/A
https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
N/A
https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da
N/A
Hyperlink: https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Aug, 2025 | 17:15
Updated At:20 Aug, 2025 | 14:40

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); } This is because fib6_del_route() and fib6_add_rt2node() uses list_del_rcu(), which can confuse rcu readers, because they might no longer see the head of the list. Restart the loop if f6i->fib6_nsiblings is zero.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
Hyperlink: https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found