{"id":"CVE-2025-38018","summary":"net/tls: fix kernel panic when alloc_page failed","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix kernel panic when alloc_page failed\n\nWe cannot set frag_list to NULL pointer when alloc_page failed.\nIt will be used in tls_strp_check_queue_ok when the next time\ntls_strp_read_sock is called.\n\nThis is because we don't reset full_len in tls_strp_flush_anchor_copy()\nso the recv path will try to continue handling the partial record\non the next call but we dettached the rcvq from the frag list.\nAlternative fix would be to reset full_len.\n\nUnable to handle kernel NULL pointer dereference\nat virtual address 0000000000000028\n Call trace:\n tls_strp_check_rcv+0x128/0x27c\n tls_strp_data_ready+0x34/0x44\n tls_data_ready+0x3c/0x1f0\n tcp_data_ready+0x9c/0xe4\n tcp_data_queue+0xf6c/0x12d0\n tcp_rcv_established+0x52c/0x798","modified":"2026-04-02T12:47:44.922121Z","published":"2025-06-18T09:28:26.443Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20475-1","SUSE-SU-2025:20483-1","SUSE-SU-2025:20493-1","SUSE-SU-2025:20498-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38018.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/406d05da26835943568e61bb751c569efae071d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/491deb9b8c4ad12fe51d554a69b8165b9ef9429f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f1f833cb388592bb46104463a1ec1b7c41975b6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8f7f96549bc55e4ef3a6b499bc5011e5de2f46c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a11b8c0be6acd0505a58ff40d474bd778b25b93a"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38018.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38018"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"84c61fe1a75b4255df1e1e7c054c9e6d048da417"},{"fixed":"8f7f96549bc55e4ef3a6b499bc5011e5de2f46c4"},{"fixed":"406d05da26835943568e61bb751c569efae071d4"},{"fixed":"a11b8c0be6acd0505a58ff40d474bd778b25b93a"},{"fixed":"5f1f833cb388592bb46104463a1ec1b7c41975b6"},{"fixed":"491deb9b8c4ad12fe51d554a69b8165b9ef9429f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38018.json"}}],"schema_version":"1.7.5"}