{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38574","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.025Z","datePublished":"2025-08-19T17:02:53.866Z","dateUpdated":"2026-05-11T21:30:43.635Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:30:43.635Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npptp: ensure minimal skb length in pptp_xmit()\n\nCommit aabc6596ffb3 (\"net: ppp: Add bound checking for skb data\non ppp_sync_txmung\") fixed ppp_sync_txmunge()\n\nWe need a similar fix in pptp_xmit(), otherwise we might\nread uninit data as reported by syzbot.\n\nBUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n  pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n  ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]\n  ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314\n  pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379\n  sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n  __release_sock+0x1d3/0x330 net/core/sock.c:3213\n  release_sock+0x6b/0x270 net/core/sock.c:3767\n  pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904\n  sock_sendmsg_nosec net/socket.c:712 [inline]\n  __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n  ____sys_sendmsg+0x893/0xd80 net/socket.c:2566\n  ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n  __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/pptp.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"97b8c5d322c5c0038cac4bc56fdbe237d0be426f","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"26672f1679b143aa34fca0b6046b7fd0c184770d","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5de7513f38f3c19c0610294ee478242bea356f8c","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"504cc4ab91073d2ac7404ad146139f86ecee7193","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5005d24377378a20e5c0e53052fc4ebdcdcbc611","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ea99b88b1999ebcb24d5d3a6b7910030f40d3bba","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b7dcda76fd0615c0599c89f36873a6cd48e02dbb","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1a04db0fd75cb6034fc27a56b67b3b8b9022a98c","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"de9c4861fb42f0cd72da844c3c34f692d5895b7b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/pptp.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.148","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.102","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.42","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.102"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.12.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/97b8c5d322c5c0038cac4bc56fdbe237d0be426f"},{"url":"https://git.kernel.org/stable/c/26672f1679b143aa34fca0b6046b7fd0c184770d"},{"url":"https://git.kernel.org/stable/c/5de7513f38f3c19c0610294ee478242bea356f8c"},{"url":"https://git.kernel.org/stable/c/504cc4ab91073d2ac7404ad146139f86ecee7193"},{"url":"https://git.kernel.org/stable/c/5005d24377378a20e5c0e53052fc4ebdcdcbc611"},{"url":"https://git.kernel.org/stable/c/ea99b88b1999ebcb24d5d3a6b7910030f40d3bba"},{"url":"https://git.kernel.org/stable/c/b7dcda76fd0615c0599c89f36873a6cd48e02dbb"},{"url":"https://git.kernel.org/stable/c/1a04db0fd75cb6034fc27a56b67b3b8b9022a98c"},{"url":"https://git.kernel.org/stable/c/de9c4861fb42f0cd72da844c3c34f692d5895b7b"}],"title":"pptp: ensure minimal skb length in pptp_xmit()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:40:01.333Z"}}]}}