CVE - CVE-2025-38037

CVE-ID
CVE-2025-38037	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2: vxlan_xmit+0xadf/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000fffbac6e -> 0x00000000fffbac6f Reported by Kernel Concurrency Sanitizer on: CPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 [2] #!/bin/bash set +H echo whitelist > /sys/kernel/debug/kcsan echo !vxlan_xmit > /sys/kernel/debug/kcsan ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1 bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1 taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q & taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 URL:https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 MISC:https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f URL:https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f MISC:https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f URL:https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f MISC:https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3 URL:https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3 MISC:https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1 URL:https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1 MISC:https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7 URL:https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7 MISC:https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa URL:https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa MISC:https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612 URL:https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)