Linux Kernel up to 6.16.0 packet_set_ring/packet_notifier race condition

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.6 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. This impacts the function packet_set_ring/packet_notifier. Such manipulation leads to race condition.
This vulnerability is traded as CVE-2025-38617. There is no exploit available.
The affected component should be upgraded.
Details
A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 and classified as problematic. Affected by this issue is the function packet_set_ring/packet_notifier. The manipulation with an unknown input leads to a race condition vulnerability. Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Impacted is availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.
The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2025-38617 since 04/16/2025. The exploitation is known to be difficult. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 264665 (SUSE SLES12 Security Update : kernel (SUSE-SU-2025:03204-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.1.148, 6.6.102, 6.12.42, 6.15.10, 6.16.1 or 6.17-rc1 eliminates this vulnerability. Applying the patch 7de07705007c7e34995a5599aaab1d23e762d7ca/88caf46db8239e6471413d28aabaa6b8bd552805/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df/e50ccfaca9e3c671cae917dcb994831a859cf588/f1791fd7b845bea0ce9674fcf2febee7bc87a893/01d3c8417b9c1b884a8a981a3b886da556512f36 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (264665) and CERT Bund (WID-SEC-2025-1898). Once again VulDB remains the best source for vulnerability data.
Affected
- Debian Linux
- Google Cloud Platform
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- NetApp AFF
- NetApp ActiveIQ Unified Manager
- SUSE openSUSE
- Dell Avamar
- NetApp FAS
- Open Source Linux Kernel
- Dell NetWorker
- Dell Secure Connect Gateway
- Dell ECS
Product
Type
Vendor
Name
Version
- 6.0
- 6.1
- 6.1.147
- 6.2
- 6.3
- 6.4
- 6.5
- 6.6
- 6.6.101
- 6.7
- 6.8
- 6.9
- 6.10
- 6.11
- 6.12
- 6.12.0
- 6.12.1
- 6.12.2
- 6.12.3
- 6.12.4
- 6.12.5
- 6.12.6
- 6.12.7
- 6.12.8
- 6.12.9
- 6.12.10
- 6.12.11
- 6.12.12
- 6.12.13
- 6.12.14
- 6.12.15
- 6.12.16
- 6.12.17
- 6.12.18
- 6.12.19
- 6.12.20
- 6.12.21
- 6.12.22
- 6.12.23
- 6.12.24
- 6.12.25
- 6.12.26
- 6.12.27
- 6.12.28
- 6.12.29
- 6.12.30
- 6.12.31
- 6.12.32
- 6.12.33
- 6.12.34
- 6.12.35
- 6.12.36
- 6.12.37
- 6.12.38
- 6.12.39
- 6.12.40
- 6.12.41
- 6.13
- 6.14
- 6.15
- 6.15.0
- 6.15.1
- 6.15.2
- 6.15.3
- 6.15.4
- 6.15.5
- 6.15.6
- 6.15.7
- 6.15.8
- 6.15.9
- 6.16.0
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.7VulDB Meta Temp Score: 3.6
VulDB Base Score: 2.6
VulDB Temp Score: 2.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 4.7
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 264665
Nessus Name: SUSE SLES12 Security Update : kernel (SUSE-SU-2025:03204-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.1.148/6.6.102/6.12.42/6.15.10/6.16.1/6.17-rc1
Patch: 7de07705007c7e34995a5599aaab1d23e762d7ca/88caf46db8239e6471413d28aabaa6b8bd552805/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df/e50ccfaca9e3c671cae917dcb994831a859cf588/f1791fd7b845bea0ce9674fcf2febee7bc87a893/01d3c8417b9c1b884a8a981a3b886da556512f36
Timeline
04/16/2025 CVE reserved08/22/2025 Advisory disclosed
08/22/2025 VulDB entry created
05/28/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2025-38617 (🔒)
GCVE (CVE): GCVE-0-2025-38617
GCVE (VulDB): GCVE-100-321044
CERT Bund: WID-SEC-2025-1898 - Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und Privilegieneskalation
Entry
Created: 08/22/2025 15:53Updated: 05/28/2026 15:32
Changes: 08/22/2025 15:53 (58), 09/13/2025 19:47 (2), 09/22/2025 00:27 (7), 09/23/2025 15:53 (1), 10/17/2025 19:40 (1), 10/26/2025 07:27 (1), 11/10/2025 13:50 (1), 01/07/2026 18:17 (15), 02/13/2026 17:13 (2), 03/05/2026 08:31 (2), 05/28/2026 15:32 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.