{"id":"CVE-2025-38465","summary":"netlink: Fix wraparounds of sk-\u003esk_rmem_alloc.","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(&sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, &sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet's fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576","modified":"2026-04-16T04:40:19.582593237Z","published":"2025-07-25T15:27:47.510Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:03204-1","SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38465.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4b8e18af7bea92f8b7fb92d40aeae729209db250"},{"type":"WEB","url":"https://git.kernel.org/stable/c/55baecb9eb90238f60a8350660d6762046ebd3bd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76602d8e13864524382b0687dc32cd8f19164d5a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9da025150b7c14a8390fc06aea314c0a4011e82c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd7ff61bfffd7000143c42bbffb85eeb792466d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd69af06101090eaa60b3d216ae715f9c0a58e5b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38465.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38465"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"9da025150b7c14a8390fc06aea314c0a4011e82c"},{"fixed":"c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98"},{"fixed":"fd69af06101090eaa60b3d216ae715f9c0a58e5b"},{"fixed":"76602d8e13864524382b0687dc32cd8f19164d5a"},{"fixed":"55baecb9eb90238f60a8350660d6762046ebd3bd"},{"fixed":"4b8e18af7bea92f8b7fb92d40aeae729209db250"},{"fixed":"cd7ff61bfffd7000143c42bbffb85eeb792466d6"},{"fixed":"ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38465.json"}}],"schema_version":"1.7.5"}