CVE-2025-38310
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/07/2025
Last modified:
10/07/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
seg6: Fix validation of nexthop addresses<br />
<br />
The kernel currently validates that the length of the provided nexthop<br />
address does not exceed the specified length. This can lead to the<br />
kernel reading uninitialized memory if user space provided a shorter<br />
length than the specified one.<br />
<br />
Fix by validating that the provided length exactly matches the specified<br />
one.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/668923c474608dd9ebce0fbcc41bd8a27aa73dd6
- https://git.kernel.org/stable/c/7632fedb266d93ed0ed9f487133e6c6314a9b2d1
- https://git.kernel.org/stable/c/cd4cd09810211fa23609c5c1018352e9e1cd8e5a
- https://git.kernel.org/stable/c/cef33a86bcb04ecf4dc10c56f6c42ee9d1c54bac
- https://git.kernel.org/stable/c/d2507aeea45b3c5aa24d5daae0cf3db76895c0b7
- https://git.kernel.org/stable/c/d5d9fd13bc19a3f9f2a951c5b6e934d84205789e