Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64398.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-64398
Upstream
Published
2025-06-30T08:15:23Z
Modified
2026-04-01T05:20:19.260026Z
Summary
CVE-2025-38089 affecting package kernel for versions less than 6.6.96.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there.

If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble.

The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR.

Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.96.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64398.json"