CVE-2025-38571

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sunrpc: fix client side handling of tls alerts<br /> <br /> A security exploit was discovered in NFS over TLS in tls_alert_recv<br /> due to its assumption that there is valid data in the msghdr&amp;#39;s<br /> iterator&amp;#39;s kvec.<br /> <br /> Instead, this patch proposes the rework how control messages are<br /> setup and used by sock_recvmsg().<br /> <br /> If no control message structure is setup, kTLS layer will read and<br /> process TLS data record types. As soon as it encounters a TLS control<br /> message, it would return an error. At that point, NFS can setup a kvec<br /> backed control buffer and read in the control message such as a TLS<br /> alert. Scott found that a msg iterator can advance the kvec pointer<br /> as a part of the copy process thus we need to revert the iterator<br /> before calling into the tls_alert_recv.