CVE intelligence and bounded remediation

CVE-2025-38032 — In the Linux kernel, the following vulnerability has been resolved: mr: consolidate the ipmr_can_free_table() checks

Medium CVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: mr: consolidate the ipmr_can_free_table() checks. Guoyu Yin reported a splat in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline] WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 Modules linked in: CPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 Not tainted 6.14.0 #1 Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [inline] RIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 Code: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8 RSP: 0018:ffff888109547c58 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868 RDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 0000000000000005 RBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9 R10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001 R13: ffff888108c13320 R14: f…

Severity
Medium
CVSS
5.5 (3.1)
Published
2025-06-18
CISA KEV
Not currently listed
Ecosystem
linux/kernel

Affected products

  • linux / linux_kernel
  • linux / linux_kernel / 6.13
  • linux / linux_kernel / 6.15

Showing 3 representative product identities from 15 source matches. Confirm exact affected versions with the linked vendor and NVD evidence.

Matched remediation archetype

General vulnerability remediation

This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.

Check exposure

  • Confirm the affected component, deployment paths, reachable interfaces, and enabled features from inventories and configuration, without probing production destructively.
  • Compare the advisory's affected conditions with the repository lockfiles, build manifests, artifacts, and runtime inventory.
  • Identify data sensitivity, trust boundaries, and privilege level for every confirmed affected deployment.

Remediate safely

  • Apply a vendor-supported fix or remove the affected component or feature; record the selected change and its source in the repository.
  • Update direct and transitive dependency locks, generated artifacts, deployment manifests, and asset inventories together.
  • Add a regression test for the documented unsafe condition using inert inputs and preserve rollback instructions.

Authoritative sources

Complete CVE record and remediation plan

The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.