CVE-2025-38465
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/07/2025
Last modified:
22/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
netlink: Fix wraparounds of sk->sk_rmem_alloc.<br />
<br />
Netlink has this pattern in some places<br />
<br />
if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)<br />
atomic_add(skb->truesize, &sk->sk_rmem_alloc);<br />
<br />
, which has the same problem fixed by commit 5a465a0da13e ("udp:<br />
Fix multiple wraparounds of sk->sk_rmem_alloc.").<br />
<br />
For example, if we set INT_MAX to SO_RCVBUFFORCE, the condition<br />
is always false as the two operands are of int.<br />
<br />
Then, a single socket can eat as many skb as possible until OOM<br />
happens, and we can see multiple wraparounds of sk->sk_rmem_alloc.<br />
<br />
Let&#39;s fix it by using atomic_add_return() and comparing the two<br />
variables as unsigned int.<br />
<br />
Before:<br />
[root@fedora ~]# ss -f netlink<br />
Recv-Q Send-Q Local Address:Port Peer Address:Port<br />
-1668710080 0 rtnl:nl_wraparound/293 *<br />
<br />
After:<br />
[root@fedora ~]# ss -f netlink<br />
Recv-Q Send-Q Local Address:Port Peer Address:Port<br />
2147483072 0 rtnl:nl_wraparound/290 *<br />
^<br />
`--- INT_MAX - 576
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.13 (including) | 5.4.296 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.240 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.189 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.146 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.99 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.39 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4b8e18af7bea92f8b7fb92d40aeae729209db250
- https://git.kernel.org/stable/c/55baecb9eb90238f60a8350660d6762046ebd3bd
- https://git.kernel.org/stable/c/76602d8e13864524382b0687dc32cd8f19164d5a
- https://git.kernel.org/stable/c/9da025150b7c14a8390fc06aea314c0a4011e82c
- https://git.kernel.org/stable/c/ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc
- https://git.kernel.org/stable/c/c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98
- https://git.kernel.org/stable/c/cd7ff61bfffd7000143c42bbffb85eeb792466d6
- https://git.kernel.org/stable/c/fd69af06101090eaa60b3d216ae715f9c0a58e5b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html