-
CVE-2025-38566
- EPSS 0.03%
- Published 19.08.2025 17:15:33
- Last modified 20.08.2025 14:40:17
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS aler or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payload buffer. This patch proposes to rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it would return an error. At that point, NFS can setup a kvec backed msg buffer and read in the control message such as a TLS alert. Msg iterator can advance the kvec pointer as a part of the copy process thus we need to revert the iterator before calling into the tls_alert_recv.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
b1df394621710b312f0393e3f240fdac0764f968
Version
5e052dda121e2870dd87181783da4a95d7d2927b
Status
affected
Version <
25bb3647d30a20486b5fe7cff2b0e503c16c9692
Version
5e052dda121e2870dd87181783da4a95d7d2927b
Status
affected
Version <
3b549da875414989f480b66835d514be80a0bd9c
Version
5e052dda121e2870dd87181783da4a95d7d2927b
Status
affected
Version <
6b33c31cc788073bfbed9297e1f4486ed73d87da
Version
5e052dda121e2870dd87181783da4a95d7d2927b
Status
affected
Version <
bee47cb026e762841f3faece47b51f985e215edb
Version
5e052dda121e2870dd87181783da4a95d7d2927b
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
6.4
Status
affected
Version <
6.4
Version
0
Status
unaffected
Version <=
6.6.*
Version
6.6.102
Status
unaffected
Version <=
6.12.*
Version
6.12.42
Status
unaffected
Version <=
6.15.*
Version
6.15.10
Status
unaffected
Version <=
6.16.*
Version
6.16.1
Status
unaffected
Version <=
*
Version
6.17-rc2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.057 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|