Linux Kernel Socket Memory Leak Vulnerability in Affected Systems
CVE-2025-38190
What is CVE-2025-38190?
A vulnerability has been identified in the Linux kernel's handling of socket memory, specifically in how skb->truesize is accounted in the vcc_sendmsg() function. If the copy_from_iter_full() operation fails, the accounting is not reverted, which can leak socket resources. This oversight can allow improper memory utilization, which may be exploited in specific scenarios. A dedicated revert function, atm_return_tx(), has been proposed to ensure that socket resources are properly managed, mitigating the risk of memory leaks.
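The accounting pattern described above, as an added userspace model in C (not kernel code, and not from the original page or the kernel project). The struct names, copy_full(), model_sendmsg() and residual_charge() are hypothetical, and the release of the charge after a successful send is an assumption, modelled here as immediate.

```c
/* Userspace model of the accounting pattern; constructed for illustration, not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sock_model { size_t wmem_alloc; };  /* models the socket's write-memory charge */
struct skb_model  { size_t truesize; struct sock_model *sk; };

static void account_tx(struct sock_model *sk, struct skb_model *skb) {
    skb->sk = sk;
    sk->wmem_alloc += skb->truesize;       /* charge skb->truesize to the socket */
}
static void return_tx(struct skb_model *skb) { skb->sk->wmem_alloc -= skb->truesize; }

/* Stand-in for copy_from_iter_full(): fails when the source is unreadable (NULL here). */
static bool copy_full(void *dst, const void *src, size_t len) {
    if (!src)
        return false;
    memcpy(dst, src, len);
    return true;
}

/* revert_on_error=false models the flawed error path, true models the corrected one. */
static int model_sendmsg(struct sock_model *sk, const void *src, size_t len, bool revert_on_error) {
    struct skb_model skb = { .truesize = sizeof(skb) + len };
    char *data = malloc(len ? len : 1);
    if (!data)
        return -1;
    account_tx(sk, &skb);
    bool ok = copy_full(data, src, len);
    /* Success: charge is released (assumed immediate). Failure: released only when fixed. */
    if (ok || revert_on_error)
        return_tx(&skb);
    free(data);
    return ok ? (int)len : -14;            /* -14 stands for -EFAULT */
}

/* Charge left on the socket after `attempts` failed 64-byte sends. */
static size_t residual_charge(int attempts, bool revert_on_error) {
    struct sock_model sk = { 0 };
    for (int i = 0; i < attempts; i++)
        model_sendmsg(&sk, NULL, 64, revert_on_error);
    return sk.wmem_alloc;
}

int main(void) {
    printf("without revert: %zu bytes still charged\n", residual_charge(3, false));
    printf("with revert:    %zu bytes still charged\n", residual_charge(3, true));
    return 0;
}
```

In the model, every failed copy without the revert leaves one skb's truesize permanently charged to the socket, so the residual grows linearly with the number of failed sends.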
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5e0d00992118e234ebf29d5145c1cc920342777e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 287b4f085d2ca3375cf1ee672af27410c64777e8