CVE-2025-38147

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0

Description: A null pointer dereference issue was discovered in the Linux kernel, specifically in the txopt get() function. This issue occurs when the netlbl conn setattr() function is called without proper validation, allowing an attacker to potentially exploit this vulnerability by calling connect() for an IPv6 address on an IPv4 socket. The root cause is a missing validation in netlbl conn setattr(), which switches branches based on the struct sockaddr.sa family passed from userspace without checking if the address family matches the socket.

Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting the use of the netlbl conn setattr() function until a patch is available. Additionally, ensure that the security socket connect() function is properly validated to prevent exploitation.