-
CVE-2025-38718
- EPSS 0.04%
- Veröffentlicht 04.09.2025 15:33:12
- Zuletzt bearbeitet 05.09.2025 17:47:24
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs caused by this: BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211 sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122 __release_sock+0x1da/0x330 net/core/sock.c:3106 release_sock+0x6b/0x250 net/core/sock.c:3660 sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360 sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885 sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:718 [inline] and BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987 sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987 sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88 sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331 sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148 __release_sock+0x1d3/0x330 net/core/sock.c:3213 release_sock+0x6b/0x270 net/core/sock.c:3767 sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367 sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886 sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032 inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] This patch fixes it by linearizing cloned gso packets in sctp_rcv().
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
d0194e391bb493aa6cec56d177b14df6b29188d5
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
03d0cc6889e02420125510b5444b570f4bbf53d5
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
cd0e92bb2b7542fb96397ffac639b4f5b099d0cb
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
ea094f38d387d1b0ded5dee4a3e5720aa4ce0139
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
7d757f17bc2ef2727994ffa6d5d6e4bc4789a770
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
fc66772607101bd2030a4332b3bd0ea3b3605250
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
1bd5214ea681584c5886fea3ba03e49f93a43c0e
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
Version <
fd60d8a086191fe33c2d719732d2482052fa6805
Version
90017accff61ae89283ad9a51f9ac46ca01633fb
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.8
Status
affected
Version <
4.8
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.297
Status
unaffected
Version <=
5.10.*
Version
5.10.241
Status
unaffected
Version <=
5.15.*
Version
5.15.190
Status
unaffected
Version <=
6.6.*
Version
6.6.103
Status
unaffected
Version <=
6.12.*
Version
6.12.43
Status
unaffected
Version <=
6.15.*
Version
6.15.11
Status
unaffected
Version <=
6.16.*
Version
6.16.2
Status
unaffected
Version <=
*
Version
6.17-rc2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|