PT-2025-34384 · Linux+5 · Linux Kernel+5

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-38622

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc7
Description: A flaw exists in the Linux kernel related to handling UDP packets with specific configurations. Specifically, when a packet with a virtio net hdr is sent to a tun device with SKB GSO UDP and a gso size less than the udphdr size, a kernel crash can occur within the skb pull rcsum function. This issue is triggered when the UDP encapsulation option UDP ENCAP ESPINUDP is enabled, leading to a segmentation fault during UDP receive processing. The vulnerability arises from segmentation introduced in the UDP receive path intended only for GRO (Generic Receive Offload), which was not designed for UFO (UDP Fragmentation Offload) packets.
Recommendations: Linux kernel versions prior to 6.16.0-rc7 should be updated.

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

CWE-122

Related Identifiers

AZL-66599
AZL-73617
BDU:2025-15790
CVE-2025-38622
DLA-4327-1
DLA-4328-1
ECHO-9DB4-D0A7-15C3
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7934-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu