CVE-2025-38148 – A memory leak vulnerability exists in the Linux... (How to Fix)

Q: What is the severity of CVE-2025-38148?

CVE-2025-38148 has a CVSS score of 5.5 (MEDIUM). A memory leak vulnerability exists in the Linux kernel's MSCC PHY driver when using one-step timestamping. This causes kernel memory exhaustion over time, potentially leading to system instability or denial of service. Systems using affected Linux kernel versions with MSCC PHY hardware and one-step timestamping enabled are vulnerable.

📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's MSCC PHY driver when using one-step timestamping. This causes kernel memory exhaustion over time, potentially leading to system instability or denial of service. Systems using affected Linux kernel versions with MSCC PHY hardware and one-step timestamping enabled are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE, but patches exist in stable kernel trees

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using MSCC PHY hardware with one-step timestamping enabled. Requires specific network hardware and configuration.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could exhaust kernel memory, causing system crashes, denial of service, or kernel panic requiring reboot.

🟠

Likely Case

Gradual memory consumption leading to system performance degradation and eventual instability over time.

🟢

If Mitigated

Minimal impact if one-step timestamping is disabled or systems are patched.

🌐 Internet-Facing: LOW - Requires specific hardware and configuration, not directly network-exploitable.

🏢 Internal Only: MEDIUM - Affects systems with specific network hardware configurations internally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access or ability to trigger one-step timestamping operations. Memory leak is gradual, not immediate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions via provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable one-step timestamping

linux

Disable one-step timestamping feature on MSCC PHY hardware

echo 0 > /sys/class/net/[interface]/phy/one_step_timestamping

🧯 If You Can't Patch

Disable one-step timestamping on all MSCC PHY interfaces
Monitor kernel memory usage and restart systems showing memory exhaustion

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if MSCC PHY hardware with one-step timestamping is in use

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the patch commits: 0b40aeaf83ca, 24b24295464f, 66abe2201752, 846992645b25, or cdbabd316c5a

📡 Detection & Monitoring

Log Indicators:

Kernel OOM (Out of Memory) messages
System instability logs
High kernel memory usage

Network Indicators:

None specific - this is a local memory management issue

SIEM Query:

Search for kernel panic logs or memory exhaustion alerts on systems with MSCC PHY hardware

📊 Metadata

CVE ID: CVE-2025-38148

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.03% exploit probability (7th percentile)

Published: July 3, 2025

Last Updated: December 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38148, you might also want to check these: