SB2025082083 - Use of uninitialized resource in Linux kernel tls
Published: August 20, 2025
Security Bulletin ID
SB2025082083
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0e853c1464bcf61207f8b5c32d2ac5ee495e859d
- https://git.kernel.org/stable/c/16aca8bb4ad0d8a13c8b6da4007f4e52d53035bb
- https://git.kernel.org/stable/c/178f6a5c8cb3b6be1602de0964cd440243f493c9
- https://git.kernel.org/stable/c/1e480387d4b42776f8957fb148af9d75ce93b96d
- https://git.kernel.org/stable/c/90d6ef67440cec2a0aad71a0108c8f216437345c
- https://git.kernel.org/stable/c/ee03766d79de0f61ea29ffb6ab1c7b196ea1b02e