U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-38190 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb). However, vcc_sendmsg() misses the same revert when copy_from_iter_full() fails, and then we will leak a socket. Let's factorise the revert part as atm_return_tx() and call it in the failure path. Note that the corresponding sk_wmem_alloc operation can be found in alloc_tx() as of the blamed commit. $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/2252c539c43f9a1431a7e8b34e3c18e9dd77a96d kernel.org
https://git.kernel.org/stable/c/287b4f085d2ca3375cf1ee672af27410c64777e8 kernel.org
https://git.kernel.org/stable/c/3902205eadf35db59dbc2186c2a98b9e6182efa5 kernel.org
https://git.kernel.org/stable/c/3d828519bd69bfcaabdd942a872679617ef06739 kernel.org
https://git.kernel.org/stable/c/5e0d00992118e234ebf29d5145c1cc920342777e kernel.org
https://git.kernel.org/stable/c/7851263998d4269125fd6cb3fdbfc7c6db853859 kernel.org
https://git.kernel.org/stable/c/7d6bc28cfe5c8e3a279b4b4bdeed6698b2702685 kernel.org
https://git.kernel.org/stable/c/c12430edd92fd49a4800b0f3fb395b50cb16bcc1 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-38190
NVD Published Date:
07/04/2025
NVD Last Modified:
07/08/2025
Source:
kernel.org