fkie_cve-2025-38588
Vulnerability from fkie_nvd
Published
2025-08-19 17:15
Modified
2025-08-20 14:40
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); } This is because fib6_del_route() and fib6_add_rt2node() uses list_del_rcu(), which can confuse rcu readers, because they might no longer see the head of the list. Restart the loop if f6i->fib6_nsiblings is zero.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, \u0026f6i-\u003efib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling-\u003efib6_nh, \u0026nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i-\u003efib6_nsiblings is zero."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: evitar bucle infinito en rt6_nlmsg_size(). Durante las pruebas del parche anterior, logr\u00e9 activar un bucle infinito en rt6_nlmsg_size() en el siguiente lugar: list_for_each_entry_rcu(sibling, \u0026amp;f6i-\u0026gt;fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling-\u0026gt;fib6_nh, \u0026amp;nexthop_len); }. Esto se debe a que fib6_del_route() y fib6_add_rt2node() usan list_del_rcu(), lo que puede confundir a los lectores de rcu, ya que podr\u00edan dejar de ver el encabezado de la lista. Reinicie el bucle si f6i-\u0026gt;fib6_nsiblings es cero."
    }
  ],
  "id": "CVE-2025-38588",
  "lastModified": "2025-08-20T14:40:17.713",
  "metrics": {},
  "published": "2025-08-19T17:15:36.383",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.