PT-2025-27960 · Linux+6 · Linux Kernel+6

Published: 2025-06-16 · Updated: 2026-04-20 · CVE-2025-38185

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the atmtcp_c_send() function in the Linux kernel, where it accesses skb->data as struct atmtcp_hdr after checking if skb->len is 0, but this check is not sufficient. When skb->len equals 0, skb and sk (vcc) are leaked because dev_kfree_skb() is not called and the sk_wmem_alloc adjustment is missing to revert atm_account_tx() in vcc_sendmsg(). This leak occurs because the necessary cleanup is expected to be done in atm_pop_raw(), but it is not properly handled. The vulnerability was reported by syzbot, which identified the issue through a splat.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Memory Leak

Weakness Enumeration

Related Identifiers

AZL-64749
BDU:2025-09621
CVE-2025-38185
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-7061-2778-31E0
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03204-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03204-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu