CVE-2025-38463

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the TCP implementation related to the calculation of remaining space in socket buffers (skb). Specifically, an incorrect signedness check during the calculation can lead to an integer overflow in sk->sk forward alloc. This occurs when the code attempts to append data to an existing skb, and the subtraction of skb->len from size goal results in an incorrect positive value due to type promotion and zero-extension. This can lead to sk->sk forward alloc wrapping around to a negative value during subsequent memory allocation requests. The issue was identified through Syzkaller testing and can also occur in real-world scenarios, such as when using the tcp bound to half wnd() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.