{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T18:46:43.786","vulnerabilities":[{"cve":{"id":"CVE-2025-38032","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T10:15:35.357","lastModified":"2025-11-14T17:09:21.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmr: consolidate the ipmr_can_free_table() checks.\n\nGuoyu Yin reported a splat in the ipmr netns cleanup path:\n\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nModules linked in:\nCPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 Not tainted 6.14.0 #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nRIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nCode: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8\nRSP: 0018:ffff888109547c58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868\nRDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 0000000000000005\nRBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9\nR10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001\nR13: ffff888108c13320 R14: ffff888108c12dc0 R15: fffffbfff0b74058\nFS: 00007f84f39316c0(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f84f3930f98 CR3: 0000000113b56000 CR4: 0000000000350ef0\nCall Trace:\n \n ipmr_net_exit_batch+0x50/0x90 net/ipv4/ipmr.c:3160\n ops_exit_list+0x10c/0x160 net/core/net_namespace.c:177\n setup_net+0x47d/0x8e0 net/core/net_namespace.c:394\n copy_net_ns+0x25d/0x410 net/core/net_namespace.c:516\n create_new_namespaces+0x3f6/0xaf0 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc3/0x180 kernel/nsproxy.c:228\n ksys_unshare+0x78d/0x9a0 kernel/fork.c:3342\n __do_sys_unshare kernel/fork.c:3413 [inline]\n __se_sys_unshare kernel/fork.c:3411 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3411\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f84f532cc29\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f84f3931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f84f5615fa0 RCX: 00007f84f532cc29\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000400\nRBP: 00007f84f53fba18 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f84f5615fa0 R15: 00007fff51c5f328\n \n\nThe running kernel has CONFIG_IP_MROUTE_MULTIPLE_TABLES disabled, and\nthe sanity check for such build is still too loose.\n\nAddress the issue consolidating the relevant sanity check in a single\nhelper regardless of the kernel configuration. Also share it between\nthe ipv4 and ipv6 code."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mr: consolidar las comprobaciones ipmr_can_free_table(). Guoyu Yin informó un splat en la ruta de limpieza de ipmr netns: ADVERTENCIA: CPU: 2 PID: 14564 en net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [en línea] ADVERTENCIA: CPU: 2 PID: 14564 en net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 Módulos vinculados: CPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 No contaminado 6.14.0 #1 Nombre del hardware: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 RIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [en línea] RIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 Código: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8 RSP: 0018:ffff888109547c58 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868 RDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 000000000000000005 RBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9 R10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001 R13: ffff888108c13320 R14: ffff888108c12dc0 R15: fffffbfff0b74058 FS: 00007f84f39316c0(0000) GS:ffff88811b100000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f84f3930f98 CR3: 0000000113b56000 CR4: 0000000000350ef0 Rastreo de llamadas: ipmr_net_exit_batch+0x50/0x90 net/ipv4/ipmr.c:3160 ops_exit_list+0x10c/0x160 net/core/net_namespace.c:177 setup_net+0x47d/0x8e0 net/core/net_namespace.c:394 copy_net_ns+0x25d/0x410 net/core/net_namespace.c:516 create_new_namespaces+0x3f6/0xaf0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc3/0x180 kernel/nsproxy.c:228 ksys_unshare+0x78d/0x9a0 kernel/fork.c:3342 __do_sys_unshare kernel/fork.c:3413 [inline] __se_sys_unshare kernel/fork.c:3411 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:3411 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f84f532cc29 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f84f3931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f84f5615fa0 RCX: 00007f84f532cc29 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000400 RBP: 00007f84f53fba18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f84f5615fa0 R15: 00007fff51c5f328 El kernel en ejecución tiene CONFIG_IP_MROUTE_MULTIPLE_TABLES deshabilitado, y la comprobación de integridad para dicha compilación sigue siendo demasiado imprecisa. Solucione el problema consolidando la comprobación de integridad relevante en un único asistente, independientemente de la configuración del kernel. Además, compártala entre el código IPv4 e IPv6."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.1","versionEndExcluding":"6.14.9","matchCriteriaId":"CD4372DC-188B-4140-B000-AA8D5BC0BE24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*","matchCriteriaId":"5A3F9505-6B98-4269-8B81-127E55A1BF00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*","matchCriteriaId":"5A073481-106D-4B15-B4C7-FB0213B8E1D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*","matchCriteriaId":"DE491969-75AE-4A6B-9A58-8FC5AF98798F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*","matchCriteriaId":"93C0660D-7FB8-4FBA-892A-B064BA71E49E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*","matchCriteriaId":"034C36A6-C481-41F3-AE9A-D116E5BE6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*","matchCriteriaId":"8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*","matchCriteriaId":"5DFCDFB8-4FD0-465A-9076-D813D78FE51B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*","matchCriteriaId":"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*","matchCriteriaId":"2D240580-3048-49B2-9E27-F115A9DF8224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*","matchCriteriaId":"90320558-E553-4EF5-8A0B-0F5D20113BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*","matchCriteriaId":"C300BA32-5854-4B59-A00A-18A402F291D0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c518ae98302ab37786d5ba5d43e9ac6d6f894e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c46286fdd6aa1d0e33c245bcffe9ff2428a777bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}