CVE-2025-38006
- Source
- https://cve.org/CVERecord?id=CVE-2025-38006
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38006.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38006
- Downstream
- Related
- Published
- 2025-06-18T09:28:17.773Z
- Modified
- 2026-05-15T11:53:26.485544239Z
- Summary
- net: mctp: Don't access ifa_index when missing
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mctp: Don't access ifa_index when missing
In mctpdumpaddrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible in the syzkaller case from dhcpd, or busybox "ip addr show".
The kernel MCTP implementation has always filtered by ifaindex, so existing userspace programs expecting to dump MCTP addresses must already be passing a valid ifaindex value (either 0 or a real index).
BUG: KMSAN: uninit-value in mctpdumpaddrinfo+0x208/0xac0 net/mctp/device.c:128 mctpdumpaddrinfo+0x208/0xac0 net/mctp/device.c:128 rtnldumpall+0x3ec/0x5b0 net/core/rtnetlink.c:4380 rtnldumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824 netlinkdump+0x97b/0x1690 net/netlink/af_netlink.c:2309
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38006.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45
- https://git.kernel.org/stable/c/8ef7b3f0db69e2f4a80be351f6aee9a4c2332ef9
- https://git.kernel.org/stable/c/acab78ae12c7fefb4f3bfe22e00770a5faa42724
- https://git.kernel.org/stable/c/d4d1561d17eb72908e4489c0900d96e0484fac20
- https://git.kernel.org/stable/c/f11cf946c0a92c560a890d68e4775723353599e1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38006.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38006
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git