CVE-2025-38588

{"id": "CVE-2025-38588", "cveTags": [], "metrics": {}, "published": "2025-08-19T17:15:36.383", "references": [{"url": "https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, &f6i->fib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i->fib6_nsiblings is zero."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: evitar bucle infinito en rt6_nlmsg_size(). Durante las pruebas del parche anterior, logr\u00e9 activar un bucle infinito en rt6_nlmsg_size() en el siguiente lugar: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); }. Esto se debe a que fib6_del_route() y fib6_add_rt2node() usan list_del_rcu(), lo que puede confundir a los lectores de rcu, ya que podr\u00edan dejar de ver el encabezado de la lista. Reinicie el bucle si f6i->fib6_nsiblings es cero."}], "lastModified": "2025-08-20T14:40:17.713", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}