Main Vulnerability Database SB20250620126

SB20250620126 - Use of uninitialized resource in Linux kernel mctp

Published: June 20, 2025

Security Bulletin ID SB20250620126

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of uninitialized resource (CVE-ID: CVE-2025-38012)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0102989af4c334d1d98b2a0fd4d61a5152e39b72
https://git.kernel.org/stable/c/255dd31bfc4a67a19b1fc2cd130a50284dadfe3a
https://git.kernel.org/stable/c/428dc9fc0873989d73918d4a9cc22745b7bbc799