{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38006","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.977Z","datePublished":"2025-06-18T09:28:17.773Z","dateUpdated":"2026-05-11T21:19:29.451Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:29.451Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don't access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mctp/device.c"],"versions":[{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"8ef7b3f0db69e2f4a80be351f6aee9a4c2332ef9","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"acab78ae12c7fefb4f3bfe22e00770a5faa42724","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"d4d1561d17eb72908e4489c0900d96e0484fac20","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"24fa213dffa470166ec014f979f36c6ff44afb45","status":"affected","versionType":"git"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"f11cf946c0a92c560a890d68e4775723353599e1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mctp/device.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.6.92","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.30","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.8","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.12.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.14.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8ef7b3f0db69e2f4a80be351f6aee9a4c2332ef9"},{"url":"https://git.kernel.org/stable/c/acab78ae12c7fefb4f3bfe22e00770a5faa42724"},{"url":"https://git.kernel.org/stable/c/d4d1561d17eb72908e4489c0900d96e0484fac20"},{"url":"https://git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45"},{"url":"https://git.kernel.org/stable/c/f11cf946c0a92c560a890d68e4775723353599e1"}],"title":"net: mctp: Don't access ifa_index when missing","x_generator":{"engine":"bippy-1.2.0"}}}}