PT-2025-27965 · Linux+6 · Linux Kernel+6

Published

2025-06-16

·

Updated

2026-04-20

·

CVE-2025-38190

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A issue in the Linux kernel has been resolved, related to the Asynchronous Transfer Mode (ATM) protocol. The problem occurs when the copy from iter full() function fails in vcc sendmsg(), causing a socket leak because atm account tx() is not reverted. To fix this, a new function atm return tx() has been introduced to handle the revert operation. The issue is associated with the vcc sendmsg() and atm pop raw() functions, as well as the sk wmem alloc operation in alloc tx().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

CWE-20

Related Identifiers

AZL-64761
BDU:2025-09624
CVE-2025-38190
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-46F2-7354-4A44
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1926
OESA-2025-1927
OESA-2025-1928
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03204-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03204-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu