CVE-2025-38112

4.7 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's sk_is_readable() function can cause a null pointer dereference when sockets are removed from sockmaps. This affects Linux systems using sockmap functionality, potentially leading to kernel crashes or denial of service. The vulnerability requires specific conditions to trigger but affects all Linux distributions with vulnerable kernel versions.
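A userspace C model of the race described above, added here as an illustration and not taken from the kernel source or the fix commits. It assumes the bug is a check-then-use double load of the socket's protocol-ops pointer, which removal from a sockmap swaps back to ops that have no sock_is_readable handler. The struct layouts, remove_from_sockmap(), the window hook and the return codes are hypothetical simplifications.

```c
/* Userspace model (added example): names mirror the kernel's, bodies are simplified. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct sock;
struct proto { bool (*sock_is_readable)(struct sock *sk); };
struct sock  { const struct proto *sk_prot; };

static bool psock_readable(struct sock *sk) { (void)sk; return true; }
/* Ops installed while the socket sits in a sockmap, and the ops restored on removal. */
static const struct proto sockmap_prot = { .sock_is_readable = psock_readable };
static const struct proto base_prot    = { .sock_is_readable = NULL };

/* Stands in for another CPU removing the socket from the sockmap. */
static void remove_from_sockmap(struct sock *sk) { sk->sk_prot = &base_prot; }
enum { NOT_READABLE = 0, READABLE = 1, NULL_CALL = -1 };

/* Racy shape: sk->sk_prot is loaded twice, once to check and once to call. */
static int readable_double_fetch(struct sock *sk, void (*window)(struct sock *))
{
    if (!sk->sk_prot->sock_is_readable)          /* load #1: check */
        return NOT_READABLE;
    if (window)
        window(sk);                              /* removal lands between the loads */
    bool (*fn)(struct sock *) = sk->sk_prot->sock_is_readable;  /* load #2: use */
    if (!fn)
        return NULL_CALL;                        /* the kernel would jump to address 0 */
    return fn(sk) ? READABLE : NOT_READABLE;
}

/* Hardened shape: snapshot the ops pointer once, then check and call the snapshot. */
static int readable_single_fetch(struct sock *sk, void (*window)(struct sock *))
{
    const struct proto *prot = sk->sk_prot;      /* kernel code would use READ_ONCE() */
    if (!prot->sock_is_readable)
        return NOT_READABLE;
    if (window)
        window(sk);                              /* same interleaving, no NULL call */
    return prot->sock_is_readable(sk) ? READABLE : NOT_READABLE;
}

int main(void)
{
    struct sock a = { &sockmap_prot }, b = { &sockmap_prot };
    printf("double fetch: %d\n", readable_double_fetch(&a, remove_from_sockmap));
    printf("single fetch: %d\n", readable_single_fetch(&b, remove_from_sockmap));
    return 0;
}
```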

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable code (specific versions depend on distribution backports)
Operating Systems: All Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires sockmap functionality to be used. Vulnerability triggers during specific timing conditions when sockets are removed from sockmaps.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical reboot of affected systems.

🟠 Likely Case

Local denial of service through kernel crash when specific socket operations occur during sockmap removal.

🟢 If Mitigated

Minor performance impact or no effect if vulnerable code path isn't triggered.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system to trigger the race condition.
🏢 Internal Only: MEDIUM - Local users or processes could potentially crash the kernel, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires precise timing to trigger the race condition and local access to the system. No known public exploits at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits: 1b367ba2f94251822577daed031d6b9a9e11ba91, 1e0de7582ceccbdbb227d4e0ddf65732f92526da, 2660a544fdc0940bba15f70508a46cf9a6491230, 6fa68d7eab34d448a61aa24ea31e68b3231ed20d, 8926a7ef1977a832dd6bf702f1a99303dbf15b15

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check with your Linux distribution for specific patched kernel versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable sockmap functionality

linux

Prevent use of sockmap features which trigger the vulnerable code path

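# Stop the sockmap module from being auto-loaded (run as root)
echo 'blacklist sockmap' >> /etc/modprobe.d/blacklist.conf
# Unload it from the running kernel; this fails if no such module is loaded,
# for example when sockmap support is built into the kernel
rmmod sockmap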

🧯 If You Can't Patch

  • Restrict local user access to prevent potential exploitation
  • Monitor system logs for kernel panic events and implement high availability solutions

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and compare it with your distribution's patched versions. A system is vulnerable if it runs an unpatched kernel and uses sockmap functionality.

Check Version:

uname -r

Verify Fix Applied:

Run 'uname -r' and confirm against your distribution's security advisories that the running kernel version includes the fix commits.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • Null pointer dereference errors in kernel logs

Network Indicators:

  • Sudden loss of network connectivity on affected systems

SIEM Query:

source="kernel" AND ("panic" OR "NULL pointer dereference" OR "Oops")
