PT-2025-34362 · Linux+4 · Linux Kernel+4

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-38616

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel TLS implementation does not properly handle situations where data is read from the TCP socket before the TLS ULP is installed, or when non-standard read APIs (like zerocopy) are used. This can lead to undefined behavior within TLS, potentially corrupting streams or causing missed alerts, but should not result in kernel crashes. The issue involves the potential for an out-of-bounds read if insufficient data is present in the socket for a previously parsed record length.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-366CWE-125

Related Identifiers

ASB-A-440544812
AZL-66662
BDU:2025-15792
CVE-2025-38616
ECHO-8FE4-8431-1D43
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21085-1
SUSE-SU-2025:21086-1
SUSE-SU-2025:21087-1
SUSE-SU-2025:21088-1
SUSE-SU-2025:21089-1
SUSE-SU-2025:21090-1
SUSE-SU-2025:21091-1
SUSE-SU-2025:21092-1
SUSE-SU-2025:21093-1
SUSE-SU-2025:21094-1
SUSE-SU-2025:21095-1
SUSE-SU-2025:21096-1
SUSE-SU-2025:21097-1
SUSE-SU-2025:21098-1
SUSE-SU-2025:21099-1
SUSE-SU-2025:21100-1
SUSE-SU-2025:21101-1
SUSE-SU-2025:21102-1
SUSE-SU-2025:21103-1
SUSE-SU-2025:21104-1
SUSE-SU-2025:21107-1
SUSE-SU-2025:21108-1
SUSE-SU-2025:21109-1
SUSE-SU-2025:21110-1
SUSE-SU-2025:21111-1
SUSE-SU-2025:21112-1
SUSE-SU-2025:21113-1
SUSE-SU-2025:21114-1
SUSE-SU-2025:21115-1
SUSE-SU-2025:21116-1
SUSE-SU-2025:21117-1
SUSE-SU-2025:21118-1
SUSE-SU-2025:21119-1
SUSE-SU-2025:21120-1
SUSE-SU-2025:21121-1
SUSE-SU-2025:21122-1
SUSE-SU-2025:21123-1
SUSE-SU-2025:21124-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4160-1
SUSE-SU-2025:4161-1
SUSE-SU-2025:4164-1
SUSE-SU-2025:4167-1
SUSE-SU-2025:4169-1
SUSE-SU-2025:4200-1
SUSE-SU-2025:4201-1
SUSE-SU-2025:4208-1
SUSE-SU-2025:4261-1
SUSE-SU-2025:4262-1
SUSE-SU-2025:4265-1
SUSE-SU-2025:4268-1
SUSE-SU-2025:4269-1
SUSE-SU-2025:4275-1
SUSE-SU-2025:4282-1
SUSE-SU-2025:4302-1
SUSE-SU-2025:4306-1
SUSE-SU-2025:4311-1
SUSE-SU-2026:20149-1
SUSE-SU-2026:20164-1
SUSE-SU-2026:20169-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7889-1
USN-7889-2
USN-7889-3
USN-7889-4
USN-7889-5
USN-7889-6
USN-7889-7
USN-7934-1
USN-7935-1
USN-7940-1
USN-7940-2

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu