CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier()

Published Aug 22, 2025
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packetsetring() and packetnotifier()

When packetsetring() releases po->bindlock, another thread can run packetnotifier() and process an NETDEVUP event.

This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packetbind() and packetnotifier()").

There too the packetnotifier NETDEVUP event managed to run while a po->bindlock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken.

The po->bindlock in packetsetring and packetnotifier precede the introduction of git history.

Affected Software

18 affected componentsFixes available
Linux Linux kernel
Linux Linux kernel>=2.6.13<5.4.297
Linux Linux kernel>=5.5<5.10.241
Linux Linux kernel>=5.11<5.15.190
Linux Linux kernel>=5.16<6.1.148
Linux Linux kernel>=6.2<6.6.102
Linux Linux kernel>=6.7<6.12.42
Linux Linux kernel>=6.13<6.15.10
Linux Linux kernel>=6.16<6.16.1
Linux Linux kernel=2.6.12
Linux Linux kernel=2.6.12-rc2
Linux Linux kernel=2.6.12-rc3
Linux Linux kernel=2.6.12-rc4
Linux Linux kernel=2.6.12-rc5
Debian Debian Linux=11.0
Microsoft azl3 kernel 6.6.96.2-1
Microsoft azl3 kernel 6.6.96.2-2
Patch available
Microsoft cbl2 kernel 5.15.186.1-1
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/01d3c8417b9c1b884a8a981a3b886da556512f36

Patch Available

https://git.kernel.org/stable/c/18f13f2a83eb81be349a9757ba2141ff1da9ad73

Patch Available

https://git.kernel.org/stable/c/7da733f117533e9b2ebbd530a22ae4028713955c

Patch Available

https://git.kernel.org/stable/c/7de07705007c7e34995a5599aaab1d23e762d7ca

Patch Available

https://git.kernel.org/stable/c/88caf46db8239e6471413d28aabaa6b8bd552805

Patch Available

https://git.kernel.org/stable/c/ba2257034755ae773722f15f4c3ad1dcdad15ca9

Patch Available

https://git.kernel.org/stable/c/e50ccfaca9e3c671cae917dcb994831a859cf588

Patch Available

https://git.kernel.org/stable/c/f1791fd7b845bea0ce9674fcf2febee7bc87a893

Patch Available

https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df

Event History

Aug 22, 2025
CVE Published
via MITRE·01:01 PM
Data Sourced
via MITRE·01:01 PM
Description
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Sep 3, 2025
Data Sourced
via Microsoft·10:34 PM
DescriptionSeverityWeaknessAffected Software
Sep 4, 2025
Updated
via Microsoft·05:34 AM
SeverityAffected Software
Updated
via Microsoft·05:34 AM
DescriptionSeverity
Apr 17, 2026
Data Sourced
12:00 AM
Weakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-38617?

The severity of CVE-2025-38617 is considered medium due to the potential race condition in the Linux kernel.

2

How do I fix CVE-2025-38617?

To fix CVE-2025-38617, update to the latest version of the Linux kernel where the vulnerability has been patched.

3

What systems are affected by CVE-2025-38617?

CVE-2025-38617 affects Linux systems using the affected versions of the Linux kernel.

4

What are the potential impacts of CVE-2025-38617?

The potential impacts of CVE-2025-38617 include possible denial of service due to the race condition.

5

Is CVE-2025-38617 publicly disclosed?

Yes, CVE-2025-38617 has been publicly disclosed and is documented in security advisories.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2025-38617 - net/packet: fix a race in packet_set_ring() and packet_notifier() - SecAlerts