Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible infinite loop in fib6_info_uses_dev()

fib6_info_uses_dev() seems to rely on RCU without an explicit protection.

Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() or fib6_add_rt2node() have not removed the anchor from the list, or we risk an infinite loop.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.1.128, < 6.1.148 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/16d21816c0918f8058b5fc14cbe8595d62046e2d (Patch)
- https://git.kernel.org/stable/c/9cb6de8ee144a94ae7a40bdb32560329ab7276f0 (Patch)
- https://git.kernel.org/stable/c/bc85e62394f008fa848c4ba02c936c735a3e8ef5 (Patch)
- https://git.kernel.org/stable/c/db65739d406c72776fbdbbc334be827ef05880d2 (Patch)
- https://git.kernel.org/stable/c/e09be457b71b983a085312ff9e981f51e4ed3211 (Patch)
- https://git.kernel.org/stable/c/f8d8ce1b515a0a6af72b30502670a406cfb75073 (Patch)
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html (Third Party Advisory)
FAQ
What is CVE-2025-38587?
CVE-2025-38587 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection....
How severe is CVE-2025-38587?
CVE-2025-38587 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38587?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.