CVE-2025-38019 mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices

🗓️ 18 Jun 2025 09:28:27Reported by LinuxType

Fix use-after-free in mlxsw spectrum_router for GRE net device deletion in Linux kernel.

Reporter	Title	Published	Views	Family All 96
AstraLinux	Astra Linux – Vulnerability in Linux 6.12	16 Jun 202511:28	–	astralinux
CNNVD	Linux kernel 安全漏洞	18 Jun 202500:00	–	cnnvd
CVE	CVE-2025-38019	18 Jun 202509:28	–	cve
Debian CVE	CVE-2025-38019	18 Jun 202509:28	–	debiancve
Oracle linux	Unbreakable Enterprise kernel security update	17 Jul 202500:00	–	oraclelinux
EUVD	EUVD-2025-27871	3 Oct 202520:07	–	euvd
NVD	CVE-2025-38019	18 Jun 202510:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20081-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20480)	18 Jul 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20530)	19 Aug 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
    ],
    "versions": [
      {
        "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
        "lessThan": "f1ecccb5cdda39bca8cd17bb0b6cf61361e33578",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
        "lessThan": "abc43c1ffdbc801b0b04ac845bfaf1d42b8f68f7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
        "lessThan": "9ab7945f3a61ed23da412e30f1e56414c05c4f06",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8fdb09a7674c61c4f0e5faf0d63b3ce500a341b0",
        "lessThan": "92ec4855034b2c4d13f117558dc73d20581fa9ff",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.92",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.30",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.14.8",
        "lessThanOrEqual": "6.14.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/92ec4855034b2c4d13f117558dc73d20581fa9ff
git	www.git.kernel.org/stable/c/f1ecccb5cdda39bca8cd17bb0b6cf61361e33578
git	www.git.kernel.org/stable/c/abc43c1ffdbc801b0b04ac845bfaf1d42b8f68f7
git	www.git.kernel.org/stable/c/9ab7945f3a61ed23da412e30f1e56414c05c4f06

11 May 2026 21:19Current

EPSS0.00067