Bug 2388941 (CVE-2025-38550) - CVE-2025-38550 kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
Summary: CVE-2025-38550 kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
Keywords:
Status: NEW
Alias: CVE-2025-38550
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-16 12:02 UTC by OSIDB Bzimport
Modified: 2025-11-12 15:05 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:15740 0 None None None 2025-09-15 08:01:45 UTC
Red Hat Product Errata RHSA-2025:15782 0 None None None 2025-09-15 10:21:38 UTC
Red Hat Product Errata RHSA-2025:17958 0 None None None 2025-10-14 08:27:07 UTC
Red Hat Product Errata RHSA-2025:18279 0 None None None 2025-10-20 00:07:44 UTC
Red Hat Product Errata RHSA-2025:18280 0 None None None 2025-10-20 00:19:22 UTC
Red Hat Product Errata RHSA-2025:21091 0 None None None 2025-11-12 08:08:39 UTC
Red Hat Product Errata RHSA-2025:21136 0 None None None 2025-11-12 15:05:06 UTC

Description OSIDB Bzimport 2025-08-16 12:02:46 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: Delay put pmc->idev in mld_del_delrec()

pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec()
does, the reference should be put after ip6_mc_clear_src() return.
Comment 1 Alexander B 2025-08-18 09:12:05 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025081628-CVE-2025-38550-9bfd@gregkh/T
Comment 3 errata-xmlrpc 2025-09-15 08:01:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:15740 https://access.redhat.com/errata/RHSA-2025:15740
Comment 4 errata-xmlrpc 2025-09-15 10:21:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:15782 https://access.redhat.com/errata/RHSA-2025:15782
Comment 6 errata-xmlrpc 2025-10-14 08:27:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:17958 https://access.redhat.com/errata/RHSA-2025:17958
Comment 9 errata-xmlrpc 2025-10-20 00:07:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:18279 https://access.redhat.com/errata/RHSA-2025:18279
Comment 10 errata-xmlrpc 2025-10-20 00:19:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:18280 https://access.redhat.com/errata/RHSA-2025:18280
Comment 11 errata-xmlrpc 2025-11-12 08:08:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21091 https://access.redhat.com/errata/RHSA-2025:21091
Comment 12 errata-xmlrpc 2025-11-12 15:05:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21136 https://access.redhat.com/errata/RHSA-2025:21136
Note You need to log in before you can comment on or make changes to this bug.