CVE-2025-38587

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible infinite loop in fib6_info_uses_dev()

fib6_info_uses_dev() seems to rely on RCU without an explicit protection.

Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() or fib6_add_rt2node() have not removed the anchor from the list, or we risk an infinite loop.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd0ec61c9f3583b76aebdbb271f5c0d3fcccd48b2 < bc85e62394f008fa848c4ba02c936c735a3e8ef5affected
LinuxLinux52da02521ede55fb86546c3fffd9377b3261b91f < 9cb6de8ee144a94ae7a40bdb32560329ab7276f0affected
LinuxLinux34a949e7a0869dfa31a40416d2a56973fae1807b < db65739d406c72776fbdbbc334be827ef05880d2affected
LinuxLinuxd9ccb18f83ea2bb654289b6ecf014fd267cc988b < 16d21816c0918f8058b5fc14cbe8595d62046e2daffected
LinuxLinuxd9ccb18f83ea2bb654289b6ecf014fd267cc988b < e09be457b71b983a085312ff9e981f51e4ed3211affected
LinuxLinuxd9ccb18f83ea2bb654289b6ecf014fd267cc988b < f8d8ce1b515a0a6af72b30502670a406cfb75073affected
LinuxLinux11edcd026012ac18acee0f1514db3ed1b160fc6faffected
LinuxLinux6.1.128 < 6.1.148affected
LinuxLinux6.6.75 < 6.6.102affected
LinuxLinux6.12.2 < 6.12.42affected
LinuxLinux6.11.11 < 6.12affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.1.148 <= 6.1.*unaffected
LinuxLinux6.6.102 <= 6.6.*unaffected
LinuxLinux6.12.42 <= 6.12.*unaffected
LinuxLinux6.15.10 <= 6.15.*unaffected
LinuxLinux6.16.1 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References