{"id":"CVE-2025-38310","summary":"seg6: Fix validation of nexthop addresses","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.","modified":"2026-04-16T04:34:12.115003623Z","published":"2025-07-10T07:42:19.338Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38310.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/668923c474608dd9ebce0fbcc41bd8a27aa73dd6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7632fedb266d93ed0ed9f487133e6c6314a9b2d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd4cd09810211fa23609c5c1018352e9e1cd8e5a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cef33a86bcb04ecf4dc10c56f6c42ee9d1c54bac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2507aeea45b3c5aa24d5daae0cf3db76895c0b7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5d9fd13bc19a3f9f2a951c5b6e934d84205789e"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38310.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38310"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d1df6fd8a1d22d37cffa0075ab8ad423ce656777"},{"fixed":"668923c474608dd9ebce0fbcc41bd8a27aa73dd6"},{"fixed":"cef33a86bcb04ecf4dc10c56f6c42ee9d1c54bac"},{"fixed":"d2507aeea45b3c5aa24d5daae0cf3db76895c0b7"},{"fixed":"d5d9fd13bc19a3f9f2a951c5b6e934d84205789e"},{"fixed":"cd4cd09810211fa23609c5c1018352e9e1cd8e5a"},{"fixed":"7632fedb266d93ed0ed9f487133e6c6314a9b2d1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38310.json"}}],"schema_version":"1.7.5"}