Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38190

In the Linux kernel, the following vulnerability has been resolved:

atm: Revert atm_account_tx() if copy_from_iter_full() fails.

In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx().

It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb).

However, vcc_sendmsg() misses the same revert when copy_from_iter_full() fails, and then we will leak a socket.

Let's factorise the revert part as atm_return_tx() and call it in the failure path.

Note that the corresponding sk_wmem_alloc operation can be found in alloc_tx() as of the blamed commit.

$ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~

  • Published: Jul 4, 2025
  • Updated: Dec 19, 2025
  • CVE: CVE-2025-38190
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 2.6.13 5.4.295
linux / linux_kernel 5.5 5.10.239
linux / linux_kernel 5.11 5.15.186
linux / linux_kernel 5.16 6.1.142
linux / linux_kernel 6.2 6.6.95
linux / linux_kernel 6.7 6.12.35
linux / linux_kernel 6.13 6.15.4
linux / linux_kernel 2.6.12 2.6.12.x
linux / linux_kernel 2.6.12-rc2 2.6.12-rc2.x
linux / linux_kernel 2.6.12-rc3 2.6.12-rc3.x
linux / linux_kernel 2.6.12-rc4 2.6.12-rc4.x
linux / linux_kernel 2.6.12-rc5 2.6.12-rc5.x
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
debian / debian_linux 11.0 11.0.x