PT-2025-30802 · Linux+3 · Linux Kernel+3

Published

2025-05-22

·

Updated

2026-04-20

·

CVE-2025-38402

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel where returning -EOPNOTSUPP from a function that returns a u32 can lead to a cast and an invalid size value. This can potentially cause allocation failures. The issue is visible on devices that do not have RSS caps set and can be triggered using the ethtool -x eth0 command.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

NULL Pointer Dereference

Weakness Enumeration

CWE-190CWE-476

Related Identifiers

BDU:2025-10793
CVE-2025-38402
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Linuxmint
Linux Kernel
Suse
Ubuntu