CVE-2025-38471

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38471

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the queue have matching decrypt state and geometry. BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls] (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) Read of size 4 at addr ffff888013085750 by task tls/13529 CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme Call Trace: kasan_report+0xca/0x100 tls_strp_check_rcv+0x898/0x9a0 [tls] tls_rx_rec_wait+0x2c9/0x8d0 [tls] tls_sw_recvmsg+0x40f/0x1aa0 [tls] inet_recvmsg+0x1c3/0x1f0 Always reload the queue, fast path is to have the record in the queue when we wake, anyway (IOW the path going down "if !strp->stm.full_len").

References
Link Resource
https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02 Patch
https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b Patch
https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb Patch
https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6 Patch
https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

22 Dec 2025, 19:34

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02 - () https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02 - Patch
References () https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b - () https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b - Patch
References () https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb - () https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb - Patch
References () https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6 - () https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6 - Patch
References () https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8 - () https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8 - Patch
References () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
First Time Debian
Debian debian Linux
Linux
Linux linux Kernel
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*

03 Nov 2025, 18:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

29 Jul 2025, 14:14

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-28 12:15

Updated : 2025-12-22 19:34

NVD link : CVE-2025-38471

Mitre link : CVE-2025-38471

CVE.ORG link : CVE-2025-38471

JSON object : View

Products Affected

linux

debian

CWE
CWE-416

Use After Free