CVE-2025-38566

HIGH EPSS 40.6%
Published Aug 19, 202510mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Aug 19, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS aler or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payload buffer. This patch proposes to rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it would return an error. At that point, NFS can setup a kvec backed msg buffer and read in the control message such as a TLS alert. Msg iterator can advance the kvec pointer as a part of the copy process thus we need to revert the iterator before calling into the tls_alert_recv.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
40.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-754

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.4  –  <6.6.102
linuxlinux_kernel*≥6.7  –  <6.12.42
linuxlinux_kernel*≥6.13  –  <6.15.10
linuxlinux_kernel*≥6.16  –  <6.16.1
linuxlinux_kernel6.17any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/25bb3647d30a20486b5fe7cff2b0e503c16c9692
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b549da875414989f480b66835d514be80a0bd9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b33c31cc788073bfbed9297e1f4486ed73d87da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1df394621710b312f0393e3f240fdac0764f968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bee47cb026e762841f3faece47b51f985e215edb
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/25bb3647d30a20486b5fe7cff2b0e503c16c9692
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b549da875414989f480b66835d514be80a0bd9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b33c31cc788073bfbed9297e1f4486ed73d87da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1df394621710b312f0393e3f240fdac0764f968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bee47cb026e762841f3faece47b51f985e215edb
    Patch