CVE-2025-38727 (GCVE-0-2025-38727)

Vulnerability from cvelistv5 – Published: 2025-09-04 15:33 – Updated: 2026-05-23 16:00
VLAI
Title
netlink: avoid infinite retry looping in netlink_unicast()
Summary
In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tries to wait for the memory under: rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf) The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as: rcu: INFO: rcu_sched self-detected stall on CPU rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212 (t=26000 jiffies g=230833 q=259957) NMI backtrace for cpu 0 CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014 Call Trace: <IRQ> dump_stack lib/dump_stack.c:120 nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62 rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335 rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590 update_process_times kernel/time/timer.c:1953 tick_sched_handle kernel/time/tick-sched.c:227 tick_sched_timer kernel/time/tick-sched.c:1399 __hrtimer_run_queues kernel/time/hrtimer.c:1652 hrtimer_interrupt kernel/time/hrtimer.c:1717 __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 asm_call_irq_on_stack arch/x86/entry/entry_64.S:808 </IRQ> netlink_attachskb net/netlink/af_netlink.c:1234 netlink_unicast net/netlink/af_netlink.c:1349 kauditd_send_queue kernel/audit.c:776 kauditd_thread kernel/audit.c:897 kthread kernel/kthread.c:328 ret_from_fork arch/x86/entry/entry_64.S:304 Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code. Found by Linux Verification Center (linuxtesting.org).
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 9da025150b7c14a8390fc06aea314c0a4011e82c , < 47d49fd07f86d1f55ea1083287303d237e9e0922 (git)
Affected: c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98 , < 6bee383ff83352a693d03efdf27cdd80742f71b2 (git)
Affected: fd69af06101090eaa60b3d216ae715f9c0a58e5b , < f324959ad47e62e3cadaffa65d3cff790fb48529 (git)
Affected: 76602d8e13864524382b0687dc32cd8f19164d5a , < d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e (git)
Affected: 55baecb9eb90238f60a8350660d6762046ebd3bd , < 346c820ef5135cf062fa3473da955ef8c5fb6929 (git)
Affected: 4b8e18af7bea92f8b7fb92d40aeae729209db250 , < 44ddd7b1ae0b7edb2c832eb16798c827a05e58f0 (git)
Affected: cd7ff61bfffd7000143c42bbffb85eeb792466d6 , < 78fcd69d55c5f11d7694c547eca767a1cfd38ec4 (git)
Affected: ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc , < e8edc7de688791a337c068693f22e8d8b869df71 (git)
Affected: ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc , < 759dfc7d04bab1b0b86113f1164dc1fec192b859 (git)
Affected: 5.4.296 , < 5.4.297 (semver)
Affected: 5.10.240 , < 5.10.241 (semver)
Affected: 5.15.189 , < 5.15.190 (semver)
Affected: 6.1.146 , < 6.1.149 (semver)
Affected: 6.6.99 , < 6.6.103 (semver)
Affected: 6.12.39 , < 6.12.43 (semver)
Affected: 6.15.7 , < 6.15.11 (semver)
Create a notification for this product.
Linux Linux Affected: 6.16
Unaffected: 0 , < 6.16 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.149 , ≤ 6.1.* (semver)
Unaffected: 6.6.103 , ≤ 6.6.* (semver)
Unaffected: 6.12.43 , ≤ 6.12.* (semver)
Unaffected: 6.15.11 , ≤ 6.15.* (semver)
Unaffected: 6.16.2 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:41:56.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:05:56.721Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "47d49fd07f86d1f55ea1083287303d237e9e0922",
              "status": "affected",
              "version": "9da025150b7c14a8390fc06aea314c0a4011e82c",
              "versionType": "git"
            },
            {
              "lessThan": "6bee383ff83352a693d03efdf27cdd80742f71b2",
              "status": "affected",
              "version": "c4ceaac5c5ba0b992ee1dc88e2a02421549e5c98",
              "versionType": "git"
            },
            {
              "lessThan": "f324959ad47e62e3cadaffa65d3cff790fb48529",
              "status": "affected",
              "version": "fd69af06101090eaa60b3d216ae715f9c0a58e5b",
              "versionType": "git"
            },
            {
              "lessThan": "d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e",
              "status": "affected",
              "version": "76602d8e13864524382b0687dc32cd8f19164d5a",
              "versionType": "git"
            },
            {
              "lessThan": "346c820ef5135cf062fa3473da955ef8c5fb6929",
              "status": "affected",
              "version": "55baecb9eb90238f60a8350660d6762046ebd3bd",
              "versionType": "git"
            },
            {
              "lessThan": "44ddd7b1ae0b7edb2c832eb16798c827a05e58f0",
              "status": "affected",
              "version": "4b8e18af7bea92f8b7fb92d40aeae729209db250",
              "versionType": "git"
            },
            {
              "lessThan": "78fcd69d55c5f11d7694c547eca767a1cfd38ec4",
              "status": "affected",
              "version": "cd7ff61bfffd7000143c42bbffb85eeb792466d6",
              "versionType": "git"
            },
            {
              "lessThan": "e8edc7de688791a337c068693f22e8d8b869df71",
              "status": "affected",
              "version": "ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc",
              "versionType": "git"
            },
            {
              "lessThan": "759dfc7d04bab1b0b86113f1164dc1fec192b859",
              "status": "affected",
              "version": "ae8f160e7eb24240a2a79fc4c815c6a0d4ee16cc",
              "versionType": "git"
            },
            {
              "lessThan": "5.4.297",
              "status": "affected",
              "version": "5.4.296",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.241",
              "status": "affected",
              "version": "5.10.240",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.190",
              "status": "affected",
              "version": "5.15.189",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.149",
              "status": "affected",
              "version": "6.1.146",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.103",
              "status": "affected",
              "version": "6.6.99",
              "versionType": "semver"
            },
            {
              "lessThan": "6.12.43",
              "status": "affected",
              "version": "6.12.39",
              "versionType": "semver"
            },
            {
              "lessThan": "6.15.11",
              "status": "affected",
              "version": "6.15.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.16"
            },
            {
              "lessThan": "6.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "5.4.296",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.10.240",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.15.189",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "6.1.146",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "6.6.99",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "versionStartIncluding": "6.12.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "versionStartIncluding": "6.15.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n  rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n  rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n  rcu: INFO: rcu_sched self-detected stall on CPU\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n  (t=26000 jiffies g=230833 q=259957)\n  NMI backtrace for cpu 0\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n  Call Trace:\n  \u003cIRQ\u003e\n  dump_stack lib/dump_stack.c:120\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n  update_process_times kernel/time/timer.c:1953\n  tick_sched_handle kernel/time/tick-sched.c:227\n  tick_sched_timer kernel/time/tick-sched.c:1399\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n  \u003c/IRQ\u003e\n\n  netlink_attachskb net/netlink/af_netlink.c:1234\n  netlink_unicast net/netlink/af_netlink.c:1349\n  kauditd_send_queue kernel/audit.c:776\n  kauditd_thread kernel/audit.c:897\n  kthread kernel/kthread.c:328\n  ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:00:26.161Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529"
        },
        {
          "url": "https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929"
        },
        {
          "url": "https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71"
        },
        {
          "url": "https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859"
        }
      ],
      "title": "netlink: avoid infinite retry looping in netlink_unicast()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38727",
    "datePublished": "2025-09-04T15:33:25.286Z",
    "dateReserved": "2025-04-16T04:51:24.033Z",
    "dateUpdated": "2026-05-23T16:00:26.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-38727",
      "date": "2026-05-25",
      "epss": "0.00014",
      "percentile": "0.02626"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38727\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-04T16:15:42.713\",\"lastModified\":\"2026-05-12T13:17:02.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetlink: avoid infinite retry looping in netlink_unicast()\\n\\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\\nconstraints. Firstly, it has:\\n\\n  rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\\n\\nto check if the just increased rmem value fits into the socket\u0027s receive\\nbuffer. If not, it proceeds and tries to wait for the memory under:\\n\\n  rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\\n\\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\\nthese conditions, nor manages to reschedule the task - and is called in\\nretry loop for indefinite time which is caught as:\\n\\n  rcu: INFO: rcu_sched self-detected stall on CPU\\n  rcu:     0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\\n  (t=26000 jiffies g=230833 q=259957)\\n  NMI backtrace for cpu 0\\n  CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\\n  Call Trace:\\n  \u003cIRQ\u003e\\n  dump_stack lib/dump_stack.c:120\\n  nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\\n  nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\\n  rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\\n  rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\\n  update_process_times kernel/time/timer.c:1953\\n  tick_sched_handle kernel/time/tick-sched.c:227\\n  tick_sched_timer kernel/time/tick-sched.c:1399\\n  __hrtimer_run_queues kernel/time/hrtimer.c:1652\\n  hrtimer_interrupt kernel/time/hrtimer.c:1717\\n  __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\\n  asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\\n  \u003c/IRQ\u003e\\n\\n  netlink_attachskb net/netlink/af_netlink.c:1234\\n  netlink_unicast net/netlink/af_netlink.c:1349\\n  kauditd_send_queue kernel/audit.c:776\\n  kauditd_thread kernel/audit.c:897\\n  kthread kernel/kthread.c:328\\n  ret_from_fork arch/x86/entry/entry_64.S:304\\n\\nRestore the original behavior of the check which commit in Fixes\\naccidentally missed when restructuring the code.\\n\\nFound by Linux Verification Center (linuxtesting.org).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.146\",\"versionEndExcluding\":\"6.1.149\",\"matchCriteriaId\":\"81B2A3AB-7EDD-4A86-A6DE-578C92109750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.99\",\"versionEndExcluding\":\"6.6.103\",\"matchCriteriaId\":\"BB7770EC-6722-4972-A31B-8A3FF8093654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12.39\",\"versionEndExcluding\":\"6.12.43\",\"matchCriteriaId\":\"66C90F36-657B-4AEE-9904-2AF95EA7920F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.15.7\",\"versionEndExcluding\":\"6.15.11\",\"matchCriteriaId\":\"B61C948D-1EE2-4D6F-AA21-5EB6E3C263F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.16.1\",\"versionEndExcluding\":\"6.16.2\",\"matchCriteriaId\":\"3D18D370-ABE4-48A4-A953-C7A2D7BE7210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.4.296:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAAD549-C67B-41DE-B9BC-9DD6C63698A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10.240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A07714F-7EC7-40FD-BD62-410EE6619A10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.15.189:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37B96E15-5206-4222-8214-8DCDF74FEC5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6238B17D-C12B-458F-A138-97039BFC4595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3827F0D4-5FEE-4181-B267-5A45E7CA11FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.