Race Condition in Linux Kernel Affecting Various Socket Types
CVE-2025-38154

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 3 July 2025

What is CVE-2025-38154?

A race condition in the Linux kernel involving sk_socket can cause system instability when data is sent through sockets. When skb_send_sock() is invoked, the backlog thread and the close operation are not synchronized, which can lead to crashes. The vulnerability affects several socket types, including TCP, UDP, UNIX, and vsock. The fix adds synchronization so that the backlog thread completes its processing without conflicting with the closing of the socket, which improves the integrity and reliability of socket communication.

Affected Version(s)

Linux 4959ffc65a0e94f8acaac20deac49f89e6ded52d < 4edb40b05cb6a261775abfd8046804ca139a5546

Linux 5eabdf17fed2ad41b836bb4055ec36d95e512c50

Linux e946428439a0d2079959f5603256ac51b6047017 < 4c6fa65ab2aec7df94809478c8d28ef38676a1b7

Timeline

  • Vulnerability published

  • Vulnerability Reserved
