CVE-2025-38190

In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb). However, vcc_sendmsg() misses the same revert when copy_from_iter_full() fails, and then we will leak a socket. Let's factorise the revert part as atm_return_tx() and call it in the failure path. Note that the corresponding sk_wmem_alloc operation can be found in alloc_tx() as of the blamed commit. $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d	Patch
https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8	Patch
https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5	Patch
https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739	Patch
https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e	Patch
https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859	Patch
https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685	Patch
https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

18 Dec 2025, 17:24

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
First Time		Linux Debian Debian debian Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d -~~	() https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d - Patch
References	~~() https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8 -~~	() https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8 - Patch
References	~~() https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5 -~~	() https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5 - Patch
References	~~() https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739 -~~	() https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739 - Patch
References	~~() https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e -~~	() https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e - Patch
References	~~() https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859 -~~	() https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859 - Patch
References	~~() https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685 -~~	() https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685 - Patch
References	~~() https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1 -~~	() https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: Revertir atm_account_tx() si copy_from_iter_full() falla. En vcc_sendmsg(), contabilizamos skb->truesize como sk->sk_wmem_alloc mediante atm_account_tx(). Se espera que sea revertido por atm_pop_raw(), posteriormente llamado por vcc->dev->ops->send(vcc, skb). Sin embargo, vcc_sendmsg() no realiza la misma reversión cuando copy_from_iter_full() falla, y entonces se filtrará un socket. Factoricemos la parte de la reversión como atm_return_tx() y la llamemos en la ruta de error. Tenga en cuenta que la operación sk_wmem_alloc correspondiente se puede encontrar en alloc_tx() a partir de la confirmación culpable. $ git culpa -L:alloc_tx net/atm/common.c c55fa3ccccc2c~

04 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-04 14:15

Updated : 2025-12-18 17:24

NVD link : CVE-2025-38190

Mitre link : CVE-2025-38190

CVE.ORG link : CVE-2025-38190

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10