In the Linux kernel, the following vulnerability has been resolved:

net: Fix TOCTOU issue in sk_is_readable()

sk->sk_prot->sock_is_readable is a valid function pointer when sk resides
in a sockmap. After the last sk_psock_put() (which usually happens when
socket is removed from sockmap), sk->sk_prot gets restored and
sk->sk_prot->sock_is_readable becomes NULL.

This makes sk_is_readable() racy, if the value of sk->sk_prot is reloaded
after the initial check. Which in turn may lead to a null pointer
dereference.

Ensure the function pointer does not turn NULL after the check.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/1b367ba2f94251822577daed031d6b9a9e11ba91 cve-icon cve-icon
https://git.kernel.org/stable/c/1e0de7582ceccbdbb227d4e0ddf65732f92526da cve-icon cve-icon
https://git.kernel.org/stable/c/2660a544fdc0940bba15f70508a46cf9a6491230 cve-icon cve-icon
https://git.kernel.org/stable/c/6fa68d7eab34d448a61aa24ea31e68b3231ed20d cve-icon cve-icon
https://git.kernel.org/stable/c/8926a7ef1977a832dd6bf702f1a99303dbf15b15 cve-icon cve-icon
https://git.kernel.org/stable/c/c2b26638476baee154920bb587fc94ff1bf04336 cve-icon cve-icon
https://git.kernel.org/stable/c/ff55c85a923e043d59d26b20a673a1b4a219c310 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025070324-CVE-2025-38112-57a2@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38112 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38112 cve-icon
History

Fri, 04 Jul 2025 00:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Thu, 03 Jul 2025 09:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored and sk->sk_prot->sock_is_readable becomes NULL. This makes sk_is_readable() racy, if the value of sk->sk_prot is reloaded after the initial check. Which in turn may lead to a null pointer dereference. Ensure the function pointer does not turn NULL after the check.
Title net: Fix TOCTOU issue in sk_is_readable()
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-07-28T04:12:29.484Z

Reserved: 2025-04-16T04:51:23.985Z

Link: CVE-2025-38112

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-03T09:15:24.960

Modified: 2025-07-03T15:13:53.147

Link: CVE-2025-38112

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-03T00:00:00Z

Links: CVE-2025-38112 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-07-06T22:16:23Z