Kernel Vulnerability in Linux Kernel Affecting TCP Socket Communication
CVE-2025-38166
What is CVE-2025-38166?
A vulnerability in the Linux kernel's handling of TCP socket communication can lead to a kernel panic due to improper management of message iterations during buffer transactions. Specifically, when a BPF program modifies the message size, the size the kernel expects may no longer match the actual data size, which can lead to a crash. This issue highlights the complexity of the zero-copy logic when corking data and the need for careful handling of message buffers to prevent instability within the kernel.
Affected Version(s)
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 328cac3f9f8ae394748485e769a527518a9137c8
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 2e36a81d388ec9c3f78b6223f7eda2088cd40adb
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 57fbbe29e86042bbaa31c1a30d2afa16c427e3f7
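Each line above pairs the commit that introduced the bug with the commit that fixes it on one kernel branch. The following check is an added example, not part of the advisory: it decides whether a given ref in a local kernel git tree falls inside those ranges. The function names are hypothetical, and it assumes a full (non-shallow) clone.

```python
import re
import subprocess
import sys

# Ranges copied verbatim from the "Affected Version(s)" list on this page:
# "Linux <introducing commit> < <fix commit>", one line per kernel branch.
AFFECTED = """\
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 328cac3f9f8ae394748485e769a527518a9137c8
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 2e36a81d388ec9c3f78b6223f7eda2088cd40adb
Linux d3b18ad31f93d0b6bae105c679018a1ba7daa9ca < 57fbbe29e86042bbaa31c1a30d2afa16c427e3f7
"""
RANGE_RE = re.compile(r"^Linux ([0-9a-f]{40}) < ([0-9a-f]{40})$")


def parse_ranges(text):
    """Return [(introduced, fixed), ...] from 'Linux <sha> < <sha>' lines."""
    return [m.groups() for m in map(RANGE_RE.match, text.splitlines()) if m]


def classify(ref, ranges, is_ancestor):
    """Return 'unaffected', 'fixed' or 'affected' for ref.

    is_ancestor(commit, ref) must report whether commit is in ref's history.
    """
    if not any(is_ancestor(intro, ref) for intro, _ in ranges):
        return "unaffected"  # the change that introduced the bug is absent
    if any(is_ancestor(fix, ref) for _, fix in ranges):
        return "fixed"       # one of the per-branch fixes is already in history
    return "affected"


def git_is_ancestor(repo):
    """Build an is_ancestor predicate backed by a local git clone (assumed full)."""
    def check(commit, ref):
        have = subprocess.run(["git", "-C", repo, "cat-file", "-e", commit + "^{commit}"],
                              capture_output=True)
        if have.returncode != 0:
            return False  # commit belongs to a branch this clone does not carry
        res = subprocess.run(["git", "-C", repo, "merge-base", "--is-ancestor", commit, ref],
                             capture_output=True)
        if res.returncode not in (0, 1):  # 0 = ancestor, 1 = not, else an error
            raise RuntimeError(res.stderr.decode().strip())
        return res.returncode == 0
    return check


if __name__ == "__main__":
    repo, ref = sys.argv[1], sys.argv[2]  # path to a kernel clone, then a tag or branch
    print(ref, classify(ref, parse_ranges(AFFECTED), git_is_ancestor(repo)))
```

A vendor kernel that backported the fix under a different commit id will still be reported as affected, so confirm such trees against the vendor's own advisory.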