Remote Code Execution Vulnerability in Linux Kernel Affecting SMC Socket Implementation
CVE-2025-38475

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 July 2025

What is CVE-2025-38475?

A type confusion vulnerability exists in the Linux kernel's handling of SMC sockets and INET sockets, leading to the potential for remote code execution. The issue arises from improper management of socket data structures, which allows an attacker to exploit the confusion between the inet_sock and smc_sock types. This flaw could be leveraged to access sensitive memory regions, heightening security risks and exposing systems to attack. The vulnerability has been addressed in recent kernel updates, which makes timely patching important for affected users.

Affected Version(s)

Linux d25a92ccae6bed02327b63d138e12e7806830f78 < 5b02e397929e5b13b969ef1f8e43c7951e2864f5

Linux d25a92ccae6bed02327b63d138e12e7806830f78 < 67a167a6b8b45607bc34aa541d1c75097d18d460

Linux d25a92ccae6bed02327b63d138e12e7806830f78 < 60ada4fe644edaa6c2da97364184b0425e8aeaf5
