Kernel Panic in Linux Due to skb_linearize in Skb Operations by Linux Foundation
CVE-2025-38165

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 3 July 2025

What is CVE-2025-38165?

A vulnerability in the Linux kernel's socket memory management can lead to a kernel panic. The panic is triggered when skb_linearize executes, because of improper handling of socket buffer (skb) operations during heavy data aggregation under specific conditions. When the --rx-strp parameter is set to 100000, the data exceeds allowable limits and the BUG_ON(skb_shared(skb)) assertion triggers, panicking the kernel. The fix adjusts the skb_get operations so that this state cannot occur, giving more stable networking functionality.

Affected Version(s)

Linux 923877254f002ae87d441382bb1096d9e773d56d < 9718ba6490732dbe70190d42c21deb1440834402

Linux a454d84ee20baf7bd7be90721b9821f73c7d23d9

Linux a454d84ee20baf7bd7be90721b9821f73c7d23d9 < 3d25fa2d7f127348c818e1dab9e58534f7ac56cc

Timeline

  • Vulnerability published

  • Vulnerability Reserved
