PT-2025-36000 · Linux+5 · Linux Kernel+5

Published: 2025-07-28 · Updated: 2026-05-26 · CVE-2025-38727

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.10.240

Description

A flaw exists in the Linux kernel's netlink subsystem, specifically within the netlink_unicast() function. The netlink_attachskb() function, used for socket memory allocation checks, can enter an indefinite retry loop under specific conditions where skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. This can lead to a system stall, as indicated by RCU (Read-Copy Update) self-detected stall messages. The issue arises from an incomplete check during memory allocation, failing to properly handle these conditions and causing the function to repeatedly attempt the operation without success. This was discovered by the Linux Verification Center (linuxtesting.org).

Recommendations

Update to Linux kernel version 5.10.240 or later to resolve this issue.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2025-15746
CVE-2025-38727
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-1488-C737-542E
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7829-1
USN-7829-2
USN-7829-3
USN-7829-4
USN-7829-5
USN-7829-6
USN-7933-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu