CVE-2025-38550

Advisory lineage Upstream: 0 Downstream: 56

Downstream

DEBIAN-CVE-2025-38550 DLA-4328-1 OPENSUSE-SU-2026:20287-1 RHSA-2025:15740 RHSA-2025:15782 RHSA-2025:17958

Analyzed

Published: 16 Aug 2025, 11:34

Last modified:11 May 2026, 21:30

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Aug 2025, 11:34

Published

Vulnerability first disclosed

11 May 2026, 21:30

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Affected Systems

debian•debian_linux
11.0
linux•linux
≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < 6e4eec86fe5f6b3fdbc702d1d36ac2a6e7ec0806 | ≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < 728db00a14cacb37f36e9382ab5fad55caf890cc | ≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < dcbc346f50a009d8b7f4e330f9f2e22d6442fa26 | ≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < 7929d27c747eafe8fca3eecd74a334503ee4c839 | ≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < 5f18e0130194550dff734e155029ae734378b5ea | ≥ 63ed8de4be81b699ca727e9f8e3344bd487806d7, < ae3264a25a4635531264728859dbe9c659fad554 | 5.13
linux•linux_kernel
≥ 5.13, < 5.15.190 | ≥ 5.16, < 6.1.147 | ≥ 6.2, < 6.6.100 | ≥ 6.7, < 6.12.40 | ≥ 6.13, < 6.15.8 | 6.16:rc1 | 6.16:rc2 | 6.16:rc3 | 6.16:rc4 | 6.16:rc5 | 6.16:rc6