-
CVE-2025-38574
- EPSS 0.05%
- Veröffentlicht 19.08.2025 17:15:34
- Zuletzt bearbeitet 28.08.2025 15:15:53
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
pptp: ensure minimal skb length in pptp_xmit()
Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data
on ppp_sync_txmung") fixed ppp_sync_txmunge()
We need a similar fix in pptp_xmit(), otherwise we might
read uninit data as reported by syzbot.
BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]
ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314
pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
__release_sock+0x1d3/0x330 net/core/sock.c:3213
release_sock+0x6b/0x270 net/core/sock.c:3767
pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x330/0x3d0 net/socket.c:727
____sys_sendmsg+0x893/0xd80 net/socket.c:2566
___sys_sendmsg+0x271/0x3b0 net/socket.c:2620
__sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
97b8c5d322c5c0038cac4bc56fdbe237d0be426f
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
26672f1679b143aa34fca0b6046b7fd0c184770d
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
5de7513f38f3c19c0610294ee478242bea356f8c
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
504cc4ab91073d2ac7404ad146139f86ecee7193
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
5005d24377378a20e5c0e53052fc4ebdcdcbc611
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
ea99b88b1999ebcb24d5d3a6b7910030f40d3bba
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
b7dcda76fd0615c0599c89f36873a6cd48e02dbb
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
1a04db0fd75cb6034fc27a56b67b3b8b9022a98c
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
de9c4861fb42f0cd72da844c3c34f692d5895b7b
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.12
Status
affected
Version <
2.6.12
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.297
Status
unaffected
Version <=
5.10.*
Version
5.10.241
Status
unaffected
Version <=
5.15.*
Version
5.15.190
Status
unaffected
Version <=
6.1.*
Version
6.1.148
Status
unaffected
Version <=
6.6.*
Version
6.6.102
Status
unaffected
Version <=
6.12.*
Version
6.12.42
Status
unaffected
Version <=
6.15.*
Version
6.15.10
Status
unaffected
Version <=
6.16.*
Version
6.16.1
Status
unaffected
Version <=
*
Version
6.17-rc1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.142 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|