-
CVE-2025-38471
- EPSS 0.03%
- Veröffentlicht 28.07.2025 11:21:32
- Zuletzt bearbeitet 29.07.2025 14:14:29
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
tls: always refresh the queue when reading sock
After recent changes in net-next TCP compacts skbs much more
aggressively. This unearthed a bug in TLS where we may try
to operate on an old skb when checking if all skbs in the
queue have matching decrypt state and geometry.
BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]
(net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)
Read of size 4 at addr ffff888013085750 by task tls/13529
CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme
Call Trace:
kasan_report+0xca/0x100
tls_strp_check_rcv+0x898/0x9a0 [tls]
tls_rx_rec_wait+0x2c9/0x8d0 [tls]
tls_sw_recvmsg+0x40f/0x1aa0 [tls]
inet_recvmsg+0x1c3/0x1f0
Always reload the queue, fast path is to have the record in the queue
when we wake, anyway (IOW the path going down "if !strp->stm.full_len").Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
730fed2ff5e259495712518e18d9f521f61972bb
Version
0d87bbd39d7fd1135ab9eca672d760470f6508e8
Status
affected
Version <
1f3a429c21e0e43e8b8c55d30701e91411a4df02
Version
0d87bbd39d7fd1135ab9eca672d760470f6508e8
Status
affected
Version <
cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8
Version
0d87bbd39d7fd1135ab9eca672d760470f6508e8
Status
affected
Version <
c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6
Version
0d87bbd39d7fd1135ab9eca672d760470f6508e8
Status
affected
Version <
4ab26bce3969f8fd925fe6f6f551e4d1a508c68b
Version
0d87bbd39d7fd1135ab9eca672d760470f6508e8
Status
affected
Version
2277d7cbdf47531b2c3cd01ba15255fa955aab35
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.1
Status
affected
Version <
6.1
Version
0
Status
unaffected
Version <=
6.1.*
Version
6.1.147
Status
unaffected
Version <=
6.6.*
Version
6.6.100
Status
unaffected
Version <=
6.12.*
Version
6.12.40
Status
unaffected
Version <=
6.15.*
Version
6.15.8
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|