CVE-2025-38441
published 2025-07-25CVE-2025-38441: In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
syzbot found a potential access to uninit-value in nf_flow_pppoe_proto()
Blamed commit forgot the Ethernet header.
BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623
nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]
nf_ingress net/core/dev.c:5742 [inline]
__netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837
__netif_receive_skb_one_core net/core/dev.c:5975 [inline]
__netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090
netif_receive_skb_internal net/core/dev.c:6176 [inline]
netif_receive_skb+0x57/0x630 net/core/dev.c:6235
tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485
tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938
tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0xb4b/0x1580 fs/read_write.c:686
ksys_write fs/read_write.c:738 [inline]
__do_sys_write fs/read_write.c:749 [inline]
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 5.15.157 < 5.15.189 | 5.15.189 |
| linux | linux | >= 6.1.88 < 6.1.146 | 6.1.146 |
| linux | linux | >= 6.6.29 < 6.6.99 | 6.6.99 |
| linux | linux | >= 6.8.8 < 6.9 | 6.9 |
| linux | linux | >= 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf < e0dd2e9729660f3f4fcb16e0aef87342911528ef | e0dd2e9729660f3f4fcb16e0aef87342911528ef |
| linux | linux | >= 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf < cfbf0665969af2c69d10c377d4c3d306e717efb4 | cfbf0665969af2c69d10c377d4c3d306e717efb4 |
| linux | linux | >= 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf < 18cdb3d982da8976b28d57691eb256ec5688fad2 | 18cdb3d982da8976b28d57691eb256ec5688fad2 |
| linux | linux | >= 8bf7c76a2a207ca2b4cfda0a279192adf27678d7 < eed8960b289327235185b7c32649c3470a3e969b | eed8960b289327235185b7c32649c3470a3e969b |
| linux | linux | >= a2471d271042ea18e8a6babc132a8716bb2f08b9 < 9fbc49429a23b02595ba82536c5ea425fdabb221 | 9fbc49429a23b02595ba82536c5ea425fdabb221 |
| linux | linux | >= d06977b9a4109f8738bb276125eb6a0b772bc433 < a3aea97d55964e70a1e6426aa4cafdc036e8a2dd | a3aea97d55964e70a1e6426aa4cafdc036e8a2dd |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.15.157 < 5.15.189 | 5.15.189 |
| linux | linux_kernel | >= 6.1.88 < 6.1.146 | 6.1.146 |
| linux | linux_kernel | >= 6.13 < 6.15.7 | 6.15.7 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM