CVE-2025-38148
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/07/2025
Last modified:
18/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: phy: mscc: Fix memory leak when using one step timestamping<br />
<br />
Fix memory leak when running one-step timestamping. When running<br />
one-step sync timestamping, the HW is configured to insert the TX time<br />
into the frame, so there is no reason to keep the skb anymore. As in<br />
this case the HW will never generate an interrupt to say that the frame<br />
was timestamped, then the frame will never released.<br />
Fix this by freeing the frame in case of one-step timestamping.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.9 (including) | 5.15.192 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.94 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.34 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17
- https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361
- https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001
- https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56
- https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d
- https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html