CVE-2025-38552
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-03
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves race conditions in the Linux kernel's Multipath TCP (mptcp) implementation, specifically between subflow failure and subflow creation. The issue arises when there are concurrent operations that cause conflicts between failing a subflow and creating additional subflows, which can lead to unexpected behavior. The fix involves using a separate flag to track when the socket state prevents additional subflow creation, protected by a fallback lock to avoid these race conditions.
How can this vulnerability impact me?
The vulnerability could cause instability or unexpected behavior in network connections using Multipath TCP by allowing race conditions between subflow failure and creation. This might lead to connection issues or degraded network performance in systems relying on mptcp.