CVE-2025-38190

MEDIUM EPSS 6.0%
Published Jul 4, 202512mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 4, 2025 12mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb). However, vcc_sendmsg() misses the same revert when copy_from_iter_full() fails, and then we will leak a socket. Let's factorise the revert part as atm_return_tx() and call it in the failure path. Note that the corresponding sk_wmem_alloc operation can be found in alloc_tx() as of the blamed commit. $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥2.6.13  –  <5.4.295
linuxlinux_kernel*≥5.5  –  <5.10.239
linuxlinux_kernel*≥5.11  –  <5.15.186
linuxlinux_kernel*≥5.16  –  <6.1.142
linuxlinux_kernel*≥6.2  –  <6.6.95
linuxlinux_kernel*≥6.7  –  <6.12.35
linuxlinux_kernel*≥6.13  –  <6.15.4
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1
    Patch