CVE-2025-38441

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()<br /> <br /> syzbot found a potential access to uninit-value in nf_flow_pppoe_proto()<br /> <br /> Blamed commit forgot the Ethernet header.<br /> <br /> BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27<br /> nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27<br /> nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]<br /> nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623<br /> nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]<br /> nf_ingress net/core/dev.c:5742 [inline]<br /> __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837<br /> __netif_receive_skb_one_core net/core/dev.c:5975 [inline]<br /> __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090<br /> netif_receive_skb_internal net/core/dev.c:6176 [inline]<br /> netif_receive_skb+0x57/0x630 net/core/dev.c:6235<br /> tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485<br /> tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938<br /> tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984<br /> new_sync_write fs/read_write.c:593 [inline]<br /> vfs_write+0xb4b/0x1580 fs/read_write.c:686<br /> ksys_write fs/read_write.c:738 [inline]<br /> __do_sys_write fs/read_write.c:749 [inline]