CVE-2025-38545

Published: Aug 16, 2025Modified: Nov 18, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info While transitioning from netdev_alloc_ip_align() to build_skb(), memory for the "skb_shared_info" member of an "skb" was not allocated. Fix this by allocating "PAGE_SIZE" as the skb length, accounting for the packet length, headroom and tailroom, thereby including the required memory space for skb_shared_info.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.10 to 6.12.39
Linux Linux Kernel	From 6.13 to 6.15.7
Linux Linux Kernel	Version 6.16 rc1
Linux Linux Kernel	Version 6.16 rc2
Linux Linux Kernel	Version 6.16 rc3
Linux Linux Kernel	Version 6.16 rc4
Linux Linux Kernel	Version 6.16 rc5

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/02c4d6c26f1f662da8885b299c224ca6628ad232

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7d6ca0c8c0caf9a13cae2de763bb1f2a9ea7eabb

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fc2fffa2facac15ce711e95f98f954426e025bc5

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.