{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38441","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.016Z","datePublished":"2025-07-25T15:27:20.276Z","dateUpdated":"2026-05-11T21:28:04.066Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:28:04.066Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n  nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n  nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n  nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n  nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n  nf_ingress net/core/dev.c:5742 [inline]\n  __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n  __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n  __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n  netif_receive_skb_internal net/core/dev.c:6176 [inline]\n  netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n  tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n  tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n  tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n  new_sync_write fs/read_write.c:593 [inline]\n  vfs_write+0xb4b/0x1580 fs/read_write.c:686\n  ksys_write fs/read_write.c:738 [inline]\n  __do_sys_write fs/read_write.c:749 [inline]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/netfilter/nf_flow_table.h"],"versions":[{"version":"d06977b9a4109f8738bb276125eb6a0b772bc433","lessThan":"a3aea97d55964e70a1e6426aa4cafdc036e8a2dd","status":"affected","versionType":"git"},{"version":"8bf7c76a2a207ca2b4cfda0a279192adf27678d7","lessThan":"eed8960b289327235185b7c32649c3470a3e969b","status":"affected","versionType":"git"},{"version":"a2471d271042ea18e8a6babc132a8716bb2f08b9","lessThan":"9fbc49429a23b02595ba82536c5ea425fdabb221","status":"affected","versionType":"git"},{"version":"87b3593bed1868b2d9fe096c01bcdf0ea86cbebf","lessThan":"e0dd2e9729660f3f4fcb16e0aef87342911528ef","status":"affected","versionType":"git"},{"version":"87b3593bed1868b2d9fe096c01bcdf0ea86cbebf","lessThan":"cfbf0665969af2c69d10c377d4c3d306e717efb4","status":"affected","versionType":"git"},{"version":"87b3593bed1868b2d9fe096c01bcdf0ea86cbebf","lessThan":"18cdb3d982da8976b28d57691eb256ec5688fad2","status":"affected","versionType":"git"},{"version":"cf366ee3bc1b7d1c76a882640ba3b3f8f1039163","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/netfilter/nf_flow_table.h"],"versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","status":"unaffected","versionType":"semver"},{"version":"5.15.189","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.146","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.99","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.39","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.157","versionEndExcluding":"5.15.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.88","versionEndExcluding":"6.1.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.29","versionEndExcluding":"6.6.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd"},{"url":"https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b"},{"url":"https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221"},{"url":"https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef"},{"url":"https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4"},{"url":"https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2"}],"title":"netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:38:03.697Z"}}]}}