CVE-2025-38441

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38441
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38441.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38441
Downstream
Related
Published
2025-07-25T15:27:20.276Z
Modified
2025-11-28T02:35:06.451910Z
Summary
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: account for Ethernet header in nfflowpppoe_proto()

syzbot found a potential access to uninit-value in nfflowpppoe_proto()

Blamed commit forgot the Ethernet header.

BUG: KMSAN: uninit-value in nfflowoffloadinethook+0x7e4/0x940 net/netfilter/nfflowtableinet.c:27 nfflowoffloadinethook+0x7e4/0x940 net/netfilter/nfflowtableinet.c:27 nfhookentryhookfn include/linux/netfilter.h:157 [inline] nfhookslow+0xe1/0x3d0 net/netfilter/core.c:623 nfhookingress include/linux/netfilternetdev.h:34 [inline] nfingress net/core/dev.c:5742 [inline] _netifreceiveskbcore+0x4aff/0x70c0 net/core/dev.c:5837 _netifreceiveskbonecore net/core/dev.c:5975 [inline] _netifreceiveskb+0xcc/0xac0 net/core/dev.c:6090 netifreceiveskbinternal net/core/dev.c:6176 [inline] netifreceiveskb+0x57/0x630 net/core/dev.c:6235 tunrxbatched+0x1df/0x980 drivers/net/tun.c:1485 tungetuser+0x4ee0/0x6b40 drivers/net/tun.c:1938 tunchrwriteiter+0x3e9/0x5c0 drivers/net/tun.c:1984 newsyncwrite fs/readwrite.c:593 [inline] vfswrite+0xb4b/0x1580 fs/readwrite.c:686 ksyswrite fs/readwrite.c:738 [inline] _dosyswrite fs/readwrite.c:749 [inline]

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38441.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d06977b9a4109f8738bb276125eb6a0b772bc433
Fixed
a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8bf7c76a2a207ca2b4cfda0a279192adf27678d7
Fixed
eed8960b289327235185b7c32649c3470a3e969b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a2471d271042ea18e8a6babc132a8716bb2f08b9
Fixed
9fbc49429a23b02595ba82536c5ea425fdabb221
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
87b3593bed1868b2d9fe096c01bcdf0ea86cbebf
Fixed
e0dd2e9729660f3f4fcb16e0aef87342911528ef
Fixed
cfbf0665969af2c69d10c377d4c3d306e717efb4
Fixed
18cdb3d982da8976b28d57691eb256ec5688fad2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf366ee3bc1b7d1c76a882640ba3b3f8f1039163

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.189
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.146
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.99
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.39
Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.15.7