PT-2025-33765 · Linux+7 · Linux Kernel+7

Scott Mayhew · Published 2025-07-29 · Updated 2026-04-20 · CVE-2025-38566

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A security issue was identified in the Linux kernel related to the handling of server-side TLS alerts within the sunrpc component. The tls_alert_recv() function incorrectly assumed it could read data from the message iterator's kvec. This occurs because the kTLS implementation splits TLS record payloads between a control message buffer and a payload buffer. The patch addresses this by reworking how control messages are set up and used by sock_recvmsg(). Specifically, the kTLS layer now returns an error upon encountering a TLS control message, allowing NFS to set up a kvec-backed message buffer to read the control message, such as a TLS alert.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

ALSA-2025:16354
ALSA-2025:18281
AZL-66485
BDU:2025-10728
CVE-2025-38566
INFSA-2025_18281
INFSA-2025_21112
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
RHSA-2025:18281
RHSA-2025:21112
RHSA-2025_18281
RHSA-2025_21112
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:03636-1
SUSE-SU-2025:03638-1
SUSE-SU-2025:03643-1
SUSE-SU-2025:03646-1
SUSE-SU-2025:03650-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:20873-1
SUSE-SU-2025:20874-1
SUSE-SU-2025:20875-1
SUSE-SU-2025:20876-1
SUSE-SU-2025:20877-1
SUSE-SU-2025:20878-1
SUSE-SU-2025:20879-1
SUSE-SU-2025:20880-1
SUSE-SU-2025:20881-1
SUSE-SU-2025:20882-1
SUSE-SU-2025:20883-1
SUSE-SU-2025:20884-1
SUSE-SU-2025:20885-1
SUSE-SU-2025:20886-1
SUSE-SU-2025:20887-1
SUSE-SU-2025:20888-1
SUSE-SU-2025:20889-1
SUSE-SU-2025:20890-1
SUSE-SU-2025:20891-1
SUSE-SU-2025:20902-1
SUSE-SU-2025:20903-1
SUSE-SU-2025:20904-1
SUSE-SU-2025:20905-1
SUSE-SU-2025:20906-1
SUSE-SU-2025:20907-1
SUSE-SU-2025:20908-1
SUSE-SU-2025:20909-1
SUSE-SU-2025:20912-1
SUSE-SU-2025:20913-1
SUSE-SU-2025:20914-1
SUSE-SU-2025:20915-1
SUSE-SU-2025:20916-1
SUSE-SU-2025:20917-1
SUSE-SU-2025:20918-1
SUSE-SU-2025:20919-1
SUSE-SU-2025:20920-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3742-1
SUSE-SU-2025:3748-1
SUSE-SU-2025:3755-1
SUSE-SU-2025:3762-1
SUSE-SU-2025:3764-1
SUSE-SU-2025:3765-1
SUSE-SU-2025:3768-1
SUSE-SU-2025:3770-1
SUSE-SU-2025:3771-1
SUSE-SU-2025:3772-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu