CVE-2025-38006 net: mctp: Don't access ifa_index when missing

🗓️ 18 Jun 2025 09:28:17Reported by LinuxType

Vulnerability resolved in Linux kernel prevents uninitialized memory access in MCTP implementation.

Reporter	Title	Published	Views	Family All 137
ATTACKERKB	CVE-2025-38006	18 Jun 202510:15	–	attackerkb
AstraLinux	Astra Linux – Vulnerability in Linux 6.12	16 Jun 202511:28	–	astralinux
BDU FSTEC	The vulnerability of the mctp_dump_addrinfo() function in the Linux kernel’s network component allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.	28 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-38006	19 Mar 202600:00	–	circl
CNNVD	Linux kernel 安全漏洞	18 Jun 202500:00	–	cnnvd
CVE	CVE-2025-38006	18 Jun 202509:28	–	cve
Debian CVE	CVE-2025-38006	18 Jun 202509:28	–	debiancve
EUVD	EUVD-2025-27859	3 Oct 202520:07	–	euvd
Microsoft CVE	net: mctp: Don't access ifa_index when missing	16 Nov 202501:05	–	mscve
NVD	CVE-2025-38006	18 Jun 202510:15	–	nvd

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/mctp/device.c"
    ],
    "versions": [
      {
        "version": "583be982d93479ea3d85091b0fd0b01201ede87d",
        "lessThan": "8ef7b3f0db69e2f4a80be351f6aee9a4c2332ef9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "583be982d93479ea3d85091b0fd0b01201ede87d",
        "lessThan": "acab78ae12c7fefb4f3bfe22e00770a5faa42724",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "583be982d93479ea3d85091b0fd0b01201ede87d",
        "lessThan": "d4d1561d17eb72908e4489c0900d96e0484fac20",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "583be982d93479ea3d85091b0fd0b01201ede87d",
        "lessThan": "24fa213dffa470166ec014f979f36c6ff44afb45",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "583be982d93479ea3d85091b0fd0b01201ede87d",
        "lessThan": "f11cf946c0a92c560a890d68e4775723353599e1",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/mctp/device.c"
    ],
    "versions": [
      {
        "version": "5.15",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.15",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.203",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.92",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.30",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.14.8",
        "lessThanOrEqual": "6.14.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/8ef7b3f0db69e2f4a80be351f6aee9a4c2332ef9
git	www.git.kernel.org/stable/c/f11cf946c0a92c560a890d68e4775723353599e1
git	www.git.kernel.org/stable/c/d4d1561d17eb72908e4489c0900d96e0484fac20
git	www.git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45
git	www.git.kernel.org/stable/c/acab78ae12c7fefb4f3bfe22e00770a5faa42724

11 May 2026 21:19Current

EPSS0.00063