Netlink Memory Management Vulnerability in Linux Kernel
CVE-2025-38465

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 July 2025

What is CVE-2025-38465?

A vulnerability in the Linux kernel's netlink functionality can lead to improper handling of socket memory allocations. When the socket's receive buffer size is set to an overly large value, it causes multiple wraparounds in the memory allocation counter, allowing a single socket to consume excessive kernel memory. This scenario may eventually result in an out-of-memory (OOM) condition, adversely affecting system stability and performance. The issue has been addressed by implementing checks that prevent the condition from being triggered.
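
The counter wraparound described above, as a simplified user-space model. This is an added example, not kernel code or the upstream fix. It assumes a 32-bit counter of charged bytes checked against a signed limit; the struct, function names and sizes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

/* Simplified user-space model of a per-socket receive accounting check.
 * Not kernel code: struct, names and sizes are constructed for illustration. */
struct model_sock {
    uint32_t rmem_alloc; /* bytes charged so far; assumed 32-bit counter */
    int32_t  rcvbuf;     /* configured receive buffer limit */
};

/* Weak check: read the counter as signed and compare before charging.
 * With rcvbuf == INT_MAX the test can never be true, so the counter wraps. */
static int admit_signed(struct model_sock *sk, uint32_t truesize)
{
    if ((int32_t)sk->rmem_alloc > sk->rcvbuf)
        return 0;
    sk->rmem_alloc += truesize;
    return 1;
}

/* Hardened check: compute the new total first and compare as unsigned,
 * always letting the first buffer into an empty queue. */
static int admit_unsigned(struct model_sock *sk, uint32_t truesize)
{
    uint32_t rmem = sk->rmem_alloc + truesize;
    if (rmem != truesize && rmem > (uint32_t)sk->rcvbuf)
        return 0;
    sk->rmem_alloc = rmem;
    return 1;
}

/* Offer max_msgs buffers of truesize bytes; return the bytes really queued. */
static uint64_t fill(int (*admit)(struct model_sock *, uint32_t),
                     int32_t rcvbuf, uint32_t truesize, uint32_t max_msgs)
{
    struct model_sock sk = { 0, rcvbuf };
    uint64_t held = 0;
    for (uint32_t i = 0; i < max_msgs && admit(&sk, truesize); i++)
        held += truesize;
    return held;
}

int main(void)
{
    printf("signed:   %llu bytes\n", (unsigned long long)fill(admit_signed, INT_MAX, 1u << 20, 10000));
    printf("unsigned: %llu bytes\n", (unsigned long long)fill(admit_unsigned, INT_MAX, 1u << 20, 10000));
    return 0;
}
```

In the model, the signed check admits all 10000 one-MiB buffers (the counter wraps twice), while the unsigned check stops just below the configured limit.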

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9da025150b7c14a8390fc06aea314c0a4011e82c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

