CVE-2025-38057
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's espintcp module where certain error paths fail to free socket buffers (skb). This affects systems using IPsec ESP in TCP mode and could lead to resource exhaustion. All Linux systems with the vulnerable kernel code are potentially affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion leading to system instability, denial of service, or potential kernel panic.
Likely Case
Intermittent memory leaks under specific error conditions, potentially causing performance degradation or service disruption over time.
If Mitigated
With proper monitoring and resource limits, impact would be limited to occasional performance issues that can be detected and addressed.
🎯 Exploit Status
Exploitation requires triggering specific error conditions in the espintcp module, which may require network access and specific IPsec configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fixes from the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/05db2b850a2b8b17f3d1799f563ea1d550e05ed5
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable IPsec ESP in TCP mode
If not required, disable the espintcp module or the IPsec ESP in TCP mode configuration
Check if espintcp is loaded: lsmod | grep espintcp
Unload module: rmmod espintcp
🧯 If You Can't Patch
- Monitor kernel memory usage and system stability metrics
- Implement network controls to limit traffic to IPsec ESP in TCP mode services
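The first item above can be made concrete by watching the slab caches that hold socket buffers, since the leaked objects are skbs. The script below is an added example, not part of the original advisory or the kernel project; it compares two /proc/slabinfo snapshots and flags growth in the skb caches. Assumptions: the snapshots are constructed samples, the 1 MiB threshold is arbitrary, and on a live host the two snapshots would be read from /proc/slabinfo as root some minutes apart.

```sh
#!/bin/sh
# Added example: flag growth of the skb slab caches between two
# /proc/slabinfo snapshots. Both snapshots below are constructed samples.
SNAP_BEFORE='slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>
skbuff_head_cache 1200 1280 256 16 1 : tunables 0 0 0 : slabdata 80 80 0
skbuff_fclone_cache 300 320 512 16 2 : tunables 0 0 0 : slabdata 20 20 0
dentry 90000 90300 192 21 1 : tunables 0 0 0 : slabdata 4300 4300 0'
SNAP_AFTER='slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>
skbuff_head_cache 48200 48320 256 16 1 : tunables 0 0 0 : slabdata 3020 3020 0
skbuff_fclone_cache 310 320 512 16 2 : tunables 0 0 0 : slabdata 20 20 0
dentry 90500 90720 192 21 1 : tunables 0 0 0 : slabdata 4320 4320 0'

# skb_bytes SNAPSHOT CACHE
# Prints bytes held by live objects in CACHE (active_objs * objsize),
# or 0 when the cache is not listed in the snapshot.
skb_bytes() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == c { printf "%d\n", $2 * $4; found = 1 }
        END     { if (!found) print 0 }'
}

# skb_growth BEFORE AFTER THRESHOLD_BYTES
# Prints one line per skb cache whose live bytes grew by more than the
# threshold; returns 1 if any cache was flagged, 0 otherwise.
skb_growth() {
    rc=0
    for cache in skbuff_head_cache skbuff_fclone_cache; do
        before=$(skb_bytes "$1" "$cache")
        after=$(skb_bytes "$2" "$cache")
        delta=$((after - before))
        if [ "$delta" -gt "$3" ]; then
            echo "$cache grew by $delta bytes"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed snapshots with a 1 MiB threshold.
skb_growth "$SNAP_BEFORE" "$SNAP_AFTER" 1048576 || echo "ALERT: skb slab growth"
```

Growth in these caches is a signal to investigate, not proof of this specific leak, because busy hosts hold many skbs legitimately; a count that keeps climbing while traffic is flat is the pattern worth alerting on.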
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution security advisories. Check if espintcp module is loaded: lsmod | grep espintcp
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version from vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System instability or crash reports
- Memory exhaustion warnings in system logs
Network Indicators:
- Unusual traffic patterns targeting IPsec services
- Connection attempts to trigger espintcp error conditions
SIEM Query:
source="kernel" AND ("oom" OR "out of memory" OR "panic") AND host contains affected systems
🔗 References
- https://git.kernel.org/stable/c/05db2b850a2b8b17f3d1799f563ea1d550e05ed5
- https://git.kernel.org/stable/c/28756f22de48d25256ed89234b66b9037a3f0157
- https://git.kernel.org/stable/c/63c1f19a3be3169e51a5812d22a6d0c879414076
- https://git.kernel.org/stable/c/d8d79cf8c2b7475c22f9874eb844bcc80f858b13
- https://git.kernel.org/stable/c/e2e1f50fc5ebd2826c4e8c558dc65434382d0c0b
- https://git.kernel.org/stable/c/eb058693dfc93ed7a9c365adb899fedd648b9d9f