CVE-2025-38037
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

vxlan: Annotate FDB data races

The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2].

Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE().

[1]
BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit

write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:
 vxlan_xmit+0xb29/0x2380
 dev_hard_start_xmit+0x84/0x2f0
 __dev_queue_xmit+0x45a/0x1650
 packet_xmit+0x100/0x150
 packet_sendmsg+0x2114/0x2ac0
 __sys_sendto+0x318/0x330
 __x64_sys_sendto+0x76/0x90
 x64_sys_call+0x14e8/0x1c00
 do_syscall_64+0x9e/0x1a0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:
 vxlan_xmit+0xadf/0x2380
 dev_hard_start_xmit+0x84/0x2f0
 __dev_queue_xmit+0x45a/0x1650
 packet_xmit+0x100/0x150
 packet_sendmsg+0x2114/0x2ac0
 __sys_sendto+0x318/0x330
 __x64_sys_sendto+0x76/0x90
 x64_sys_call+0x14e8/0x1c00
 do_syscall_64+0x9e/0x1a0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000fffbac6e -> 0x00000000fffbac6f

Reported by Kernel Concurrency Sanitizer on:
CPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014

[2]
 #!/bin/bash

 set +H
 echo whitelist > /sys/kernel/debug/kcsan
 echo !vxlan_xmit > /sys/kernel/debug/kcsan

 ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1
 bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1
 taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &
 taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &

Meta Information
Published: 2025-06-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 8 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | From 3.7 (inc) to 5.4.294 (exc)
linux | linux_kernel | From 5.5 (inc) to 5.10.238 (exc)
linux | linux_kernel | From 5.11 (inc) to 5.15.185 (exc)
linux | linux_kernel | From 5.16 (inc) to 6.1.141 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.6.93 (exc)
linux | linux_kernel | From 6.7 (inc) to 6.12.31 (exc)
linux | linux_kernel | From 6.13 (inc) to 6.14.9 (exc)
debian | debian_linux | 11.0

CWE ID: NVD-CWE-noinfo

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a data race condition in the Linux kernel's vxlan module. Specifically, the 'used' and 'updated' fields in the Forwarding Database (FDB) entry structure can be accessed concurrently by multiple threads without proper synchronization. This can lead to inconsistent or unexpected behavior, as multiple threads may read and write these fields simultaneously. The issue was detected by the Kernel Concurrency Sanitizer (KCSAN) and can be reproduced using specific commands that simulate concurrent access to the vxlan FDB entries. The fix involves annotating these accesses with READ_ONCE() and WRITE_ONCE() to prevent data races.
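
The annotation pattern described above, as an added illustration that is not the kernel's vxlan source or the upstream patch. READ_ONCE()/WRITE_ONCE() here are simplified userspace stand-ins for the kernel macros, and struct fdb_entry, fdb_touch(), fdb_expired() and run_two_senders() are hypothetical names.

```c
#include <pthread.h>

/* Simplified userspace forms of the kernel macros (assumption, not kernel
 * code): a volatile access forces exactly one load or store, so the
 * compiler cannot tear, fuse or re-fetch it. KCSAN treats such accesses
 * as marked and stops reporting the race. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Hypothetical FDB entry holding only the two timestamps the CVE names. */
struct fdb_entry {
    unsigned long used;    /* last tick the entry forwarded a packet */
    unsigned long updated; /* last tick the entry was refreshed */
};

/* Transmit-path touch: store only when the tick changed, so concurrent
 * senders do not keep dirtying the same cache line. Returns 1 on store. */
static int fdb_touch(struct fdb_entry *f, unsigned long now)
{
    if (READ_ONCE(f->used) == now)
        return 0;
    WRITE_ONCE(f->used, now);
    return 1;
}

/* Ageing-path reader: one marked load, then arithmetic on that snapshot. */
static int fdb_expired(struct fdb_entry *f, unsigned long now, unsigned long ttl)
{
    return now - READ_ONCE(f->used) > ttl;
}

struct job { struct fdb_entry *f; unsigned long ticks; };

static void *xmit_loop(void *arg)
{
    struct job *j = arg;
    for (unsigned long t = 1; t <= j->ticks; t++)
        fdb_touch(j->f, t);
    return NULL;
}

/* Two senders hit one entry at once, like the two pinned mausezahn runs.
 * The last touch to complete leaves used == ticks on either interleaving. */
static unsigned long run_two_senders(unsigned long ticks)
{
    struct fdb_entry f = { 0, 0 };
    struct job j = { &f, ticks };
    pthread_t a, b;
    pthread_create(&a, NULL, xmit_loop, &j);
    pthread_create(&b, NULL, xmit_loop, &j);
    pthread_join(a, NULL); pthread_join(b, NULL);
    return READ_ONCE(f.used);
}
```

The accesses remain concurrent after annotation; what changes is that each one is a single, untorn load or store that the compiler may not duplicate or elide.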


How can this vulnerability impact me?

This vulnerability can cause data races in the Linux kernel's vxlan networking code, potentially leading to unpredictable behavior such as corrupted data in the forwarding database, kernel instability, or crashes. Since vxlan is used for network virtualization, this could impact network reliability and performance on affected systems, especially those using vxlan for overlay networking. However, the description does not specify any direct security exploit such as privilege escalation or information disclosure.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected using the Kernel Concurrency Sanitizer (KCSAN) which reports data races in the vxlan_xmit function. A reproduction script is provided that sets up a vxlan interface and uses the mausezahn tool to generate traffic on specific CPUs to trigger the race condition. The commands include:

1. echo whitelist > /sys/kernel/debug/kcsan
2. echo !vxlan_xmit > /sys/kernel/debug/kcsan
3. ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1
4. bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1
5. taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &
6. taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that annotates the 'used' and 'updated' fields in the FDB entry structure with READ_ONCE() / WRITE_ONCE() to prevent concurrent data races. Until the patch is applied, monitoring for KCSAN reports and avoiding concurrent access patterns that trigger the race condition may help reduce impact. Specific mitigation commands or workarounds are not provided in the available information.

