PT-2025-33773 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2025-07-29

·

Updated

2026-05-26

·

CVE-2025-38574

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw within the pptp xmit() function related to insufficient checks on the size of the skb data structure. This can lead to reading uninitialized data, as reported by syzbot. The commit aabc6596ffb3 addressed a similar issue in ppp sync txmunge(), highlighting the need for a corresponding fix in pptp xmit(). The issue manifests as a KMSAN uninit-value bug within the pptp xmit() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use of Uninitialized Resource

Weakness Enumeration

CWE-457CWE-908

Related Identifiers

AZL-66476
AZL-73857
BDU:2025-15172
CVE-2025-38574
DLA-4327-1
DLA-4328-1
ECHO-C851-BC9B-D545
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2268
OESA-2025-2269
OESA-2025-2270
OESA-2026-1341
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7934-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu