AZL-72956

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72956.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-72956
Upstream
Published
2025-07-25T16:15:32Z
Modified
2026-04-01T05:22:14.526288Z
Summary
CVE-2025-38465 affecting package kernel for versions less than 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

netlink: Fix wraparounds of sk->skrmemalloc.

Netlink has this pattern in some places

if (atomicread(&sk->skrmemalloc) > sk->skrcvbuf) atomicadd(skb->truesize, &sk->skrmem_alloc);

, which has the same problem fixed by commit 5a465a0da13e ("udp: Fix multiple wraparounds of sk->skrmemalloc.").

For example, if we set INTMAX to SORCVBUFFORCE, the condition is always false as the two operands are of int.

Then, a single socket can eat as many skb as possible until OOM happens, and we can see multiple wraparounds of sk->skrmemalloc.

Let's fix it by using atomicaddreturn() and comparing the two variables as unsigned int.

Before: [root@fedora ~]# ss -f netlink Recv-Q Send-Q Local Address:Port Peer Address:Port -1668710080 0 rtnl:nl_wraparound/293 *

After: [root@fedora ~]# ss -f netlink Recv-Q Send-Q Local Address:Port Peer Address:Port 2147483072 0 rtnl:nlwraparound/290 * ^ `--- INTMAX - 576

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72956.json"