CVE-2025-38148

MEDIUM EPSS 4.2%
Published Jul 3, 202512mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 3, 2025 12mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step timestamping.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.9  –  <5.15.192
linuxlinux_kernel*≥5.16  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.94
linuxlinux_kernel*≥6.7  –  <6.12.34
linuxlinux_kernel*≥6.13  –  <6.15.3
debiandebian_linux11.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4
    Patch