Wiz
Vulnerability DatabaseCVE-2025-38441

CVE-2025-38441
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2025-38441 is a vulnerability discovered in the Linux kernel's netfilter subsystem, specifically in the nfflowpppoe_proto() function. The vulnerability was identified on July 25, 2025, and involves an uninitialized value access issue in the netfilter flowtable implementation (NVD, RedHat).

Technical details

The vulnerability stems from the netfilter flowtable implementation failing to account for the Ethernet header in nfflowpppoeproto(). This oversight results in potential access to uninitialized values in the nfflowoffloadinethook function, specifically at net/netfilter/nfflowtableinet.c:27. The issue has been assigned a CVSS v3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat).

Impact

The vulnerability affects the kernel's network packet processing capabilities, specifically in the handling of PPPoE (Point-to-Point Protocol over Ethernet) traffic. The primary impact is potential system instability due to access to uninitialized memory values, which could lead to high availability impacts (RedHat).

Mitigation and workarounds

Red Hat has indicated that fixes are deferred for Red Hat Enterprise Linux 9 and Red Hat Enterprise Linux 10, while versions 6, 7, and 8 are not affected. The fix involves properly accounting for the Ethernet header in the nfflowpppoe_proto() function (RedHat).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40343MEDIUM6.4
  • Linux KernelLinux Kernel
  • linux-aws-fips
NoYesDec 09, 2025
CVE-2025-40342MEDIUM6.4
  • Linux KernelLinux Kernel
  • linux-azure-5.4
NoYesDec 09, 2025
CVE-2025-40341MEDIUM5.1
  • Linux KernelLinux Kernel
  • libperf-devel
NoYesDec 09, 2025
CVE-2025-40345N/AN/A
  • Linux KernelLinux Kernel
  • kernel-firmware
NoYesDec 12, 2025
CVE-2025-40344N/AN/A
  • Linux KernelLinux Kernel
  • linux-riscv
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo