-
CVE-2025-38441
- EPSS 0.04%
- Published 25.07.2025 16:15:29
- Last modified 29.07.2025 14:14:55
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5742 [inline] __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837 __netif_receive_skb_one_core net/core/dev.c:5975 [inline] __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090 netif_receive_skb_internal net/core/dev.c:6176 [inline] netif_receive_skb+0x57/0x630 net/core/dev.c:6235 tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485 tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984 new_sync_write fs/read_write.c:593 [inline] vfs_write+0xb4b/0x1580 fs/read_write.c:686 ksys_write fs/read_write.c:738 [inline] __do_sys_write fs/read_write.c:749 [inline]
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
Version
d06977b9a4109f8738bb276125eb6a0b772bc433
Status
affected
Version <
eed8960b289327235185b7c32649c3470a3e969b
Version
8bf7c76a2a207ca2b4cfda0a279192adf27678d7
Status
affected
Version <
9fbc49429a23b02595ba82536c5ea425fdabb221
Version
a2471d271042ea18e8a6babc132a8716bb2f08b9
Status
affected
Version <
e0dd2e9729660f3f4fcb16e0aef87342911528ef
Version
87b3593bed1868b2d9fe096c01bcdf0ea86cbebf
Status
affected
Version <
cfbf0665969af2c69d10c377d4c3d306e717efb4
Version
87b3593bed1868b2d9fe096c01bcdf0ea86cbebf
Status
affected
Version <
18cdb3d982da8976b28d57691eb256ec5688fad2
Version
87b3593bed1868b2d9fe096c01bcdf0ea86cbebf
Status
affected
Version
cf366ee3bc1b7d1c76a882640ba3b3f8f1039163
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
6.9
Status
affected
Version <
6.9
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.189
Status
unaffected
Version <=
6.1.*
Version
6.1.146
Status
unaffected
Version <=
6.6.*
Version
6.6.99
Status
unaffected
Version <=
6.12.*
Version
6.12.39
Status
unaffected
Version <=
6.15.*
Version
6.15.7
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.103 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|