TCP Offload Engine Issue in Linux Kernel by Vendor's Network Driver
CVE-2025-38331

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-38331?

A vulnerability exists in the Linux kernel related to the interaction of TCP offload engine (TOE) and TCP segmentation offload (TSO) features. This flaw can lead to hardware instability, resulting in system crashes or lock-ups under load. When TOE is deactivated without TSO, the network driver becomes unstable, causing operational failures. To ensure reliable performance, both features must be enabled together, as their interaction is crucial for maintaining processing efficiency and system integrity. Comprehensive testing indicates that enabling TOE significantly stabilizes hardware performance during extensive networking tasks.

Affected Version(s)

Linux 4d5ae32f5e1e13f7f36d6439ec3257993b9f5b88 < 1b503b790109d19710ec83c589c3ee59e95347ec

Linux 4d5ae32f5e1e13f7f36d6439ec3257993b9f5b88

Linux 4d5ae32f5e1e13f7f36d6439ec3257993b9f5b88 < 2bd434bb0eeb680c2b3dd6c68ca319b30cb8d47f

References

https://git.kernel.org/stable/c/1b503b790109d19710ec83c58...

https://git.kernel.org/stable/c/a37888a435b0737128d2d9c6f...

https://git.kernel.org/stable/c/2bd434bb0eeb680c2b3dd6c68...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 16, 2025