CVE-2025-38190

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> atm: Revert atm_account_tx() if copy_from_iter_full() fails.<br /> <br /> In vcc_sendmsg(), we account skb-&gt;truesize to sk-&gt;sk_wmem_alloc by<br /> atm_account_tx().<br /> <br /> It is expected to be reverted by atm_pop_raw() later called by<br /> vcc-&gt;dev-&gt;ops-&gt;send(vcc, skb).<br /> <br /> However, vcc_sendmsg() misses the same revert when copy_from_iter_full()<br /> fails, and then we will leak a socket.<br /> <br /> Let&amp;#39;s factorise the revert part as atm_return_tx() and call it in<br /> the failure path.<br /> <br /> Note that the corresponding sk_wmem_alloc operation can be found in<br /> alloc_tx() as of the blamed commit.<br /> <br /> $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~