CVE-2025-38441

MEDIUM EPSS 5.2%
Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5742 [inline] __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837 __netif_receive_skb_one_core net/core/dev.c:5975 [inline] __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090 netif_receive_skb_internal net/core/dev.c:6176 [inline] netif_receive_skb+0x57/0x630 net/core/dev.c:6235 tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485 tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984 new_sync_write fs/read_write.c:593 [inline] vfs_write+0xb4b/0x1580 fs/read_write.c:686 ksys_write fs/read_write.c:738 [inline] __do_sys_write fs/read_write.c:749 [inline]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 16

VendorProductVersionRange
linuxlinux_kernel*≥5.15.157  –  <5.15.189
linuxlinux_kernel*≥6.1.88  –  <6.1.146
linuxlinux_kernel*≥6.6.29  –  <6.6.99
linuxlinux_kernel*≥6.8.8  –  <6.9
linuxlinux_kernel*≥6.9.1  –  <6.12.39
linuxlinux_kernel*≥6.13  –  <6.15.7
linuxlinux_kernel6.9any
linuxlinux_kernel6.9any
linuxlinux_kernel6.9any
linuxlinux_kernel6.9any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b
    Patch