Sendmsg Oversized Byte Count Vulnerability in Linux Kernel Affecting TCP Transmission
CVE-2025-39758
What is CVE-2025-39758?
A vulnerability has been identified in the Linux kernel's handling of TCP transmission. The issue arises from an incorrect byte count passed to the sendmsg operation in the siw_tcp_sendpages function. Specifically, the function oversends iov_iter data, which can lead to out-of-bounds memory access and subsequent crashes. The vulnerability is particularly impactful with recent changes to the slab allocator that affect large kmalloc allocations. The fix ensures that the correct byte count is used in TCP communication, preventing potential out-of-bounds crashes and improving overall stability.
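A user-space model of the byte-count mismatch described above, added here as an illustration; it is not the kernel's siw code. It assumes the defect pattern is an iterator whose declared count is the whole remaining transfer while its segment covers only the current page chunk; all names and the 4 KiB page size are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096u /* assumption: 4 KiB pages */

/* Hypothetical stand-in for a single-segment iterator. */
struct model_iter {
    size_t seg_len; /* bytes the segment actually describes */
    size_t count;   /* bytes the consumer is told to send */
};

/* Bytes a consumer that trusts `count` would read past the segment. */
static size_t overrun(const struct model_iter *it)
{
    return it->count > it->seg_len ? it->count - it->seg_len : 0;
}

/*
 * Walk `size` bytes starting at `offset` in the first page, one page per send.
 * per_chunk == 0: count is the whole remaining size (assumed defect pattern).
 * per_chunk == 1: count is the current chunk length (corrected pattern).
 * Returns the total number of over-declared bytes across all sends.
 */
static size_t send_pages_model(size_t offset, size_t size, int per_chunk)
{
    size_t total = 0;

    if (offset >= MODEL_PAGE_SIZE)
        return 0; /* invalid input for this model */
    while (size) {
        size_t room = MODEL_PAGE_SIZE - offset;
        size_t bytes = size < room ? size : room;
        struct model_iter it = { bytes, per_chunk ? bytes : size };

        total += overrun(&it);
        size -= bytes; /* model assumes the full chunk is accepted */
        offset = 0;    /* later pages start at offset 0 */
    }
    return total;
}

int main(void)
{
    /* Constructed input: 10000 bytes starting 100 bytes into a page. */
    printf("remaining-size count: %zu bytes over-declared\n",
           send_pages_model(100, 10000, 0));
    printf("per-chunk count:      %zu bytes over-declared\n",
           send_pages_model(100, 10000, 1));
    return 0;
}
```

A transfer that fits in one page shows no mismatch in this model, which is why the pattern only surfaces on multi-page sends.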
Affected Version(s)
Linux c2ff29e99a764769eb2ce3a1a5585013633ee9a6 < 5661fdd218c2799001b88c17acd19f4395e4488e
Linux c2ff29e99a764769eb2ce3a1a5585013633ee9a6 < 673cf582fd788af12cdacfb62a6a593083542481
Linux c2ff29e99a764769eb2ce3a1a5585013633ee9a6 < 42ebc16d9d2563f1a1ce0f05b643ee68d54fabf8