CVE-2025-38465
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

netlink: Fix wraparounds of sk->sk_rmem_alloc.

Netlink has this pattern in some places

    if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
        atomic_add(skb->truesize, &sk->sk_rmem_alloc);

, which has the same problem fixed by commit 5a465a0da13e ("udp: Fix multiple wraparounds of sk->sk_rmem_alloc.").

For example, if we set INT_MAX to SO_RCVBUFFORCE, the condition is always false as the two operands are of int.

Then, a single socket can eat as many skb as possible until OOM happens, and we can see multiple wraparounds of sk->sk_rmem_alloc.

Let's fix it by using atomic_add_return() and comparing the two variables as unsigned int.

Before:

    [root@fedora ~]# ss -f netlink
    Recv-Q      Send-Q Local Address:Port                Peer Address:Port
    -1668710080 0               rtnl:nl_wraparound/293               *

After:

    [root@fedora ~]# ss -f netlink
    Recv-Q     Send-Q Local Address:Port                Peer Address:Port
    2147483072 0               rtnl:nl_wraparound/290               *
    ^
    `--- INT_MAX - 576
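The wraparound described above, modeled in userspace C as an added example (not kernel code and not part of the original record). The struct, the function names, the 1 MiB truesize and the attempt count are constructed for illustration, and the fixed variant is a single-threaded simplification of the add-then-compare-as-unsigned approach.

```c
#include <limits.h>
#include <stdio.h>

/* Userspace model of one socket's receive accounting (hypothetical names). */
struct sock_model {
    int rmem_alloc, rcvbuf; /* stand in for sk->sk_rmem_alloc, sk->sk_rcvbuf */
};

/* Wrapping add like atomic_add(); unsigned math avoids signed-overflow UB
 * (the cast back to int wraps on GCC and Clang). */
static int wrap_add(int a, unsigned int b) { return (int)((unsigned int)a + b); }

/* Pattern from the description: signed compare, then add. */
static int enqueue_vulnerable(struct sock_model *sk, unsigned int truesize)
{
    if (sk->rmem_alloc > sk->rcvbuf)
        return 0; /* never taken when rcvbuf == INT_MAX */
    sk->rmem_alloc = wrap_add(sk->rmem_alloc, truesize);
    return 1;
}

/* Fixed shape: add first, compare as unsigned int, keep the sum only if it fits. */
static int enqueue_fixed(struct sock_model *sk, unsigned int truesize)
{
    unsigned int rmem = (unsigned int)wrap_add(sk->rmem_alloc, truesize);
    if (rmem > (unsigned int)sk->rcvbuf)
        return 0; /* drop; the counter stays as it was */
    sk->rmem_alloc = (int)rmem;
    return 1;
}

/* Offer `attempts` buffers of `truesize` bytes; return how many were queued. */
static long flood(int (*enqueue)(struct sock_model *, unsigned int),
                  struct sock_model *sk, unsigned int truesize, long attempts)
{
    long queued = 0;
    for (long i = 0; i < attempts; i++)
        queued += enqueue(sk, truesize);
    return queued;
}

int main(void)
{
    struct sock_model v = {0, INT_MAX}, f = {0, INT_MAX}; /* rcvbuf at INT_MAX */
    long qv = flood(enqueue_vulnerable, &v, 1u << 20, 3000); /* constructed: 3000 x 1 MiB */
    long qf = flood(enqueue_fixed, &f, 1u << 20, 3000);
    printf("vulnerable: queued=%ld rmem_alloc=%d\n", qv, v.rmem_alloc);
    printf("fixed:      queued=%ld rmem_alloc=%d\n", qf, f.rmem_alloc);
    return 0;
}
```

The vulnerable variant queues every buffer and ends with a negative counter, the same symptom as the negative Recv-Q in the "Before" output; the fixed variant stops once the next buffer would push the counter past the limit.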
Meta Information
Published: 2025-07-25
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in the Linux kernel's netlink implementation where the sk_rmem_alloc variable, which tracks socket memory usage, can wrap around due to improper handling of integer overflow. Specifically, the code compares signed integers where it should use unsigned integers, allowing a socket to allocate more memory than intended. This can lead to a single socket consuming excessive memory until the system runs out of memory (OOM). The fix involves using atomic_add_return() and comparing the variables as unsigned integers to prevent wraparound.


How can this vulnerability impact me?

This vulnerability can allow a single socket to consume an excessive amount of memory by exploiting the wraparound issue in sk_rmem_alloc. This can lead to the system running out of memory (OOM), potentially causing denial of service or system instability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting netlink socket statistics for abnormal Recv-Q values that indicate wraparound of sk->sk_rmem_alloc. The example command to check netlink sockets is: ss -f netlink. Look for unusually large or negative Recv-Q values, which may indicate the wraparound issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version that includes the fix for the sk->sk_rmem_alloc wraparound issue. The fix uses atomic_add_return() and compares variables as unsigned int to prevent wraparound. Until the update is applied, monitoring netlink socket usage and limiting socket buffer sizes may help reduce risk.

