CVE-2025-38190
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 2.6.13 (inc) to 5.4.295 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to a socket memory leak in the Linux kernel, which may cause resource exhaustion over time. This could degrade system performance or stability, potentially leading to denial of service conditions if the system runs out of memory resources for socket operations.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a failure to properly revert memory accounting when a function called copy_from_iter_full() fails inside vcc_sendmsg(). Specifically, atm_account_tx() increases the socket's memory allocation counter (sk_wmem_alloc), but if copy_from_iter_full() fails, the corresponding revert operation is missed, causing a socket memory leak. The fix involves factoring out the revert operation into atm_return_tx() and ensuring it is called on failure to prevent the leak.