CVE-2025-38544

Medium

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and sendmsg() together. The preallocated call IDs will automatically be attached to calls as they come in until the pool is empty. To the kernel, the call IDs are just arbitrary numbers, but userspace can use the call ID to hold a pointer to prepared structs. In any case, the user isn't permitted to create two calls with the same call ID (call IDs become available again when the call ends) and EBADSLT should result from sendmsg() if an attempt is made to preallocate a call with an in-use call ID. However, the cleanup in the error handling will trigger both assertions in rxrpc_cleanup_call() because the call isn't marked complete and isn't marked as having been released. Fix this by setting the call state in rxrpc_service_prealloc_one() and then marking it as being released before calling the cleanup function.

Package Linux Kernel
Published 2025-08-16
Last modified 2025-11-18
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

5.5

out of 10
Medium
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-617

CVE-2025-38544 is classified as CWE-617

See CWE-617 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 4.9 and later are affected. Fixed in 6.6.99, 6.12.39, 6.15.7, 6.16 and their respective stable series.

Affected from
≥ 4.9
Fixed in
✓ 6.6.99 6.6.x ✓ 6.12.39 6.12.x ✓ 6.15.7 6.15.x ✓ 6.16

References

The following references provide additional information about CVE-2025-38544 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

4 patch commits total View all on NVD

Frequently asked questions

  • What is CVE-2025-38544?

    CVE-2025-38544 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 4.9 onward and has been patched in 6.6.99, 6.12.39, 6.15.7 and others. CVE-2025-38544 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2025-38544?

    CVE-2025-38544 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H .

  • Is there a patch available for CVE-2025-38544?

    Yes — CVE-2025-38544 has been patched. Fixed versions include 6.6.99, 6.12.39, 6.15.7 and others. If you are running Linux kernel 4.9 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-38544 actively exploited?

    No — CVE-2025-38544 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST