CVE-2025-38148
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step timestamping.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38148
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.9 (inc) to 5.15.192 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.94 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.34 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.3 (exc)
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially degrading system performance or causing resource exhaustion on systems using one-step timestamping with the affected driver. This could result in instability or crashes if the leak is severe and not addressed.


Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel related to the mscc network PHY driver when using one-step timestamping. In one-step sync timestamping, the hardware inserts the transmit time directly into the frame, so the software no longer needs to keep the socket buffer (skb). However, because the hardware does not generate an interrupt to indicate the frame was timestamped, the frame was never released, causing a memory leak. The fix involves freeing the frame in this scenario to prevent the leak.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the memory leak in the mscc PHY driver related to one-step timestamping. This fix ensures that frames are properly freed, preventing memory leaks when using one-step sync timestamping.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart