CVE-2025-38608
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | 6.1.153 |
| linux | kernel | 5.10.244 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the bpf and ktls components. When sending plaintext data, the system initially calculates the corresponding ciphertext length. However, if the plaintext data length is later reduced due to a socket policy, the ciphertext length is not recalculated. This causes buffers with uninitialized data to be transmitted during ciphertext transmission, resulting in uninitialized bytes being appended after a complete "Application Data" packet. This leads to errors on the receiving end when parsing the TLS record.
How can this vulnerability impact me? :
The vulnerability can cause data corruption during TLS transmission by appending uninitialized bytes to the ciphertext. This may lead to errors when the receiving system attempts to parse the TLS records, potentially disrupting secure communications or causing application errors.