{"id":"CVE-2025-38588","summary":"ipv6: prevent infinite loop in rt6_nlmsg_size()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent infinite loop in rt6_nlmsg_size()\n\nWhile testing prior patch, I was able to trigger\nan infinite loop in rt6_nlmsg_size() in the following place:\n\nlist_for_each_entry_rcu(sibling, &f6i-\u003efib6_siblings,\n\t\t\tfib6_siblings) {\n\trt6_nh_nlmsg_size(sibling-\u003efib6_nh, &nexthop_len);\n}\n\nThis is because fib6_del_route() and fib6_add_rt2node()\nuses list_del_rcu(), which can confuse rcu readers,\nbecause they might no longer see the head of the list.\n\nRestart the loop if f6i-\u003efib6_nsiblings is zero.","modified":"2026-04-16T04:34:47.631986109Z","published":"2025-08-19T17:03:09.856Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2026:0144-1","SUSE-SU-2026:0148-1","SUSE-SU-2026:0171-1","SUSE-SU-2026:0262-1","SUSE-SU-2026:0269-1","SUSE-SU-2026:0270-1","SUSE-SU-2026:0274-1","SUSE-SU-2026:0283-1","SUSE-SU-2026:0284-1","SUSE-SU-2026:20149-1","SUSE-SU-2026:20164-1","SUSE-SU-2026:20169-1","SUSE-SU-2026:20248-1","SUSE-SU-2026:20249-1","SUSE-SU-2026:20250-1","SUSE-SU-2026:20251-1","SUSE-SU-2026:20252-1","SUSE-SU-2026:20253-1","SUSE-SU-2026:20255-1","SUSE-SU-2026:20256-1","SUSE-SU-2026:20257-1","SUSE-SU-2026:20258-1","SUSE-SU-2026:20259-1","SUSE-SU-2026:20265-1","SUSE-SU-2026:20266-1","SUSE-SU-2026:20271-1","SUSE-SU-2026:20272-1","SUSE-SU-2026:20273-1","SUSE-SU-2026:20274-1","SUSE-SU-2026:20275-1","SUSE-SU-2026:20276-1","SUSE-SU-2026:20376-1","SUSE-SU-2026:20377-1","SUSE-SU-2026:20378-1","SUSE-SU-2026:20379-1","SUSE-SU-2026:20380-1","SUSE-SU-2026:20385-1","SUSE-SU-2026:20386-1","SUSE-SU-2026:20387-1","SUSE-SU-2026:20388-1","SUSE-SU-2026:20389-1","SUSE-SU-2026:20390-1","SUSE-SU-2026:20391-1","SUSE-SU-2026:20392-1","SUSE-SU-2026:20393-1","SUSE-SU-2026:20394-1","SUSE-SU-2026:20395-1","SUSE-SU-2026:20396-1","SUSE-SU-2026:20397-1","SUSE-SU-2026:20400-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38588.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3c13db3e47e170bab19e574404e7b6be45ea873d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/46aeb66e9e54ed0d56c18615e1c3dbd502b327ab"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54e6fe9dd3b0e7c481c2228782c9494d653546da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6d345136c9b875f065d226908a29c25cdf9343f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1b7932af47f92432be8303d2439d1bf77b0be23"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38588.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38588"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d0ec61c9f3583b76aebdbb271f5c0d3fcccd48b2"},{"fixed":"6d345136c9b875f065d226908a29c25cdf9343f8"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"52da02521ede55fb86546c3fffd9377b3261b91f"},{"fixed":"e1b7932af47f92432be8303d2439d1bf77b0be23"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"34a949e7a0869dfa31a40416d2a56973fae1807b"},{"fixed":"cd8d8bbd9ced4cc5d06d858f67d4aa87745e8f38"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d9ccb18f83ea2bb654289b6ecf014fd267cc988b"},{"fixed":"3c13db3e47e170bab19e574404e7b6be45ea873d"},{"fixed":"46aeb66e9e54ed0d56c18615e1c3dbd502b327ab"},{"fixed":"54e6fe9dd3b0e7c481c2228782c9494d653546da"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"11edcd026012ac18acee0f1514db3ed1b160fc6f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38588.json"}}],"schema_version":"1.7.5"}