CVE-2025-38616: Out-of-bounds Read in Linux

Severity: 7.1 HIGH (NVD); OSV 7.8 / OSV 3.2
EPSS: 0.0% (top 99.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 22; Latest update Mar 1

Description

In the Linux kernel, the following vulnerability has been resolved:

tls: handle data disappearing from under the TLS ULP

TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses some non-standard read API (e.g. zerocopy ones). Replace the WARN_ON() and a buggy early exit (which leaves anchor pointing to a freed skb) with real error handling. Wipe the parsing state and tell the r

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages: 8 packages

Patches

Vulnerability Details (19)

OSV: CVE-2025-38616: In multiple locations, there is a possible use after free due to a race condition (2026-03-01)
OSV: linux-azure-nvidia vulnerabilities (2026-01-09)
OSV: linux-azure-fips vulnerabilities (2025-12-17)
OSV: linux-raspi, linux-raspi-realtime, linux-xilinx vulnerabilities (2025-12-16)
OSV: linux-azure, linux-azure-6.8 vulnerabilities (2025-12-15)

Vendor Advisories (17)

Chrome: Long Term Support Channel Update for ChromeOS: CVE-2025-38616 (2026-02-27)
Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2026-01-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2025-12-17)
Ubuntu: Linux kernel vulnerabilities (2025-12-16)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-12-15)