SB20250727106 - Buffer overflow in Linux kernel netlink
Published: July 27, 2025
Security Bulletin ID
SB20250727106
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4b8e18af7bea92f8b7fb92d40aeae729209db250
- https://git.kernel.org/stable/c/55baecb9eb90238f60a8350660d6762046ebd3bd
- https://git.kernel.org/stable/c/76602d8e13864524382b0687dc32cd8f19164d5a
- https://git.kernel.org/stable/c/9da025150b7c14a8390fc06aea314c0a4011e82c
- https://git.kernel.org/stable/c/ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc
- https://git.kernel.org/stable/c/c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98
- https://git.kernel.org/stable/c/cd7ff61bfffd7000143c42bbffb85eeb792466d6
- https://git.kernel.org/stable/c/fd69af06101090eaa60b3d216ae715f9c0a58e5b