CVE-2025-38184

MEDIUM EPSS 5.6%
Published Jul 4, 202512mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 4, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started in network mode tipc: Node identity 8af312d38a21, cluster identity 4711 tipc: Enabled bearer <eth:syz_tun>, priority 1 Oops: general protection fault KASAN: null-ptr-deref in range CPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT Hardware name: QEMU Ubuntu 24.04 PC RIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0 the ub was in fact a struct dev. when bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or other media when other thread changes it. fix this by checking media_id.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥4.9  –  <5.4.295
linuxlinux_kernel*≥5.5  –  <5.10.239
linuxlinux_kernel*≥5.11  –  <5.15.186
linuxlinux_kernel*≥5.16  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.95
linuxlinux_kernel*≥6.7  –  <6.12.35
linuxlinux_kernel*≥6.13  –  <6.15.4
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/05d332ba075753d569d66333d62d60fff5f57ad8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0d3d91c3500f0c480e016faa4e2259c588616e59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f4a72fb266e48dbe928e1d936eab149e4ac3e1b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3998283e4c32c0fe69edd59b0876c193f50abce6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8595350615f952fcf8bc861464a6bf6b1129af50
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2e17984752b9131061d1a2ca1199da2706337fd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3dfe821dfe091c0045044343c8d86596d66e2cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f82727adcf2992822e12198792af450a76ebd5ef
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05d332ba075753d569d66333d62d60fff5f57ad8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0d3d91c3500f0c480e016faa4e2259c588616e59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f4a72fb266e48dbe928e1d936eab149e4ac3e1b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3998283e4c32c0fe69edd59b0876c193f50abce6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8595350615f952fcf8bc861464a6bf6b1129af50
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2e17984752b9131061d1a2ca1199da2706337fd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3dfe821dfe091c0045044343c8d86596d66e2cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f82727adcf2992822e12198792af450a76ebd5ef
    Patch