Use-Of-Uninitialized-Memory Vulnerability in Linux Kernel
CVE-2025-38718
Currently unrated
What is CVE-2025-38718?
A vulnerability in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation, caused by improper handling of cloned GSO packets, can lead to the use of uninitialized memory. The issue arises when a cloned head socket buffer (skb) shares its fragment skbs with the original skb. This incorrect handling can be exploited, resulting in memory access violations and potential data leakage. The issue was reported by syzbot, and the fix linearizes these cloned packets in the sctp_rcv function to ensure safe memory access.
Affected Version(s)
Linux 90017accff61ae89283ad9a51f9ac46ca01633fb
Linux 90017accff61ae89283ad9a51f9ac46ca01633fb < 03d0cc6889e02420125510b5444b570f4bbf53d5