CVE-2025-38112
Published: Jul 3, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored and sk->sk_prot->sock_is_readable becomes NULL. This makes sk_is_readable() racy, if the value of sk->sk_prot is reloaded after the initial check. Which in turn may lead to a null pointer dereference. Ensure the function pointer does not turn NULL after the check.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8934ce2fd08171e8605f7fada91ee7619fe17ab8 - < c2b26638476baee154920bb587fc94ff1bf04336affected 8934ce2fd08171e8605f7fada91ee7619fe17ab8 - < 6fa68d7eab34d448a61aa24ea31e68b3231ed20daffected 8934ce2fd08171e8605f7fada91ee7619fe17ab8 - < 8926a7ef1977a832dd6bf702f1a99303dbf15b15affected 8934ce2fd08171e8605f7fada91ee7619fe17ab8 - < ff55c85a923e043d59d26b20a673a1b4a219c310affected 8934ce2fd08171e8605f7fada91ee7619fe17ab8 - < 1e0de7582ceccbdbb227d4e0ddf65732f92526da+2 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*unaffected 6.1.142 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now