PT-2025-27698 · Linux+6 · Linux Kernel+6
Published
2025-07-03
·
Updated
2026-05-26
·
CVE-2025-38112
CVSS v2.0
5.5
Medium
| Vector | AV:A/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A Time-of-Check-to-Time-of-Use (TOCTOU) issue exists in the
sk is readable() function. The sk->sk prot->sock is readable function pointer is valid when sk resides in a sockmap. However, after the last sk psock put() call, sk->sk prot gets restored, and sk->sk prot->sock is readable becomes NULL. This can lead to a null pointer dereference if the value of sk->sk prot is reloaded after the initial check.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Time Of Check To Time Of Use
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu