CVE-2025-38545
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's ethernet driver (ti: am65-cpsw-nuss) occurred because during a transition from netdev_alloc_ip_align() to build_skb(), the memory for the skb_shared_info member of an skb (socket buffer) was not allocated properly. This means that the skb size was incorrect as it did not account for skb_shared_info, potentially leading to memory issues. The fix involved allocating PAGE_SIZE as the skb length, which includes the packet length, headroom, tailroom, and the required memory for skb_shared_info.
How can this vulnerability impact me? :
The vulnerability could lead to improper memory allocation for network packets in the affected ethernet driver, which might cause memory corruption, crashes, or unexpected behavior in the network stack. This could impact system stability and security, potentially allowing attackers to exploit the memory mismanagement.