PT-2025-27419 · Linux+8 · Linux Kernel+8

Tianshuo Han · Published 2025-06-19 · Updated 2026-04-20 · CVE-2025-38089

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A remotely-triggerable crash can occur in the Linux kernel if a client sends a specially crafted packet to the kernel RPC server. This happens when decoding the RPC reply fails and returns SVC_GARBAGE without setting the rq_accept_statp pointer, which can then be dereferenced and cause a crash or memory scribble. The issue arises from the server sunrpc code treating a SVC_GARBAGE return as a GARBAGE_ARGS reply instead of rejecting the RPC with a status of AUTH_ERR as per RFC 5531. The problem is resolved by handling a SVC_GARBAGE return as an AUTH_ERROR with a reason of AUTH_BADCRED.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025:11411
ALSA-2025:11428
AZL-64398
BDU:2025-11768
CVE-2025-38089
INFSA-2025_11411
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-2077
OESA-2025-2078
OESA-2025-2079
OPENSUSE-SU-2025:20081-1
RHSA-2025:11411
RHSA-2025:11428
RHSA-2025:11810
RHSA-2025:12976
RHSA-2025:12977
RHSA-2025_11411
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03465-1
SUSE-SU-2025:03468-1
SUSE-SU-2025:03469-1
SUSE-SU-2025:03470-1
SUSE-SU-2025:03472-1
SUSE-SU-2025:03476-1
SUSE-SU-2025:03480-1
SUSE-SU-2025:03494-1
SUSE-SU-2025:03495-1
SUSE-SU-2025:03563-1
SUSE-SU-2025:03566-1
SUSE-SU-2025:03567-1
SUSE-SU-2025:03569-1
SUSE-SU-2025:03571-1
SUSE-SU-2025:03572-1
SUSE-SU-2025:03575-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:20806-1
SUSE-SU-2025:20807-1
SUSE-SU-2025:20808-1
SUSE-SU-2025:20809-1
SUSE-SU-2025:20810-1
SUSE-SU-2025:20811-1
SUSE-SU-2025:20813-1
SUSE-SU-2025:20814-1
SUSE-SU-2025:20815-1
SUSE-SU-2025:20816-1
SUSE-SU-2025:20817-1
SUSE-SU-2025:20818-1
SUSE-SU-2025:20819-1
SUSE-SU-2025:20826-1
SUSE-SU-2025:20827-1
SUSE-SU-2025:20828-1
SUSE-SU-2025:20829-1
SUSE-SU-2025:20830-1
SUSE-SU-2025:20831-1
SUSE-SU-2025:20832-1
SUSE-SU-2025:20833-1
SUSE-SU-2025:20834-1
SUSE-SU-2025:20835-1
SUSE-SU-2025:20836-1
SUSE-SU-2025:20837-1
SUSE-SU-2025:20838-1
SUSE-SU-2025:20840-1
SUSE-SU-2025:20841-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu