CVE-2025-38402
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38402
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38402.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38402
- Downstream
- Related
- Published
- 2025-07-25T12:53:45Z
- Modified
- 2025-10-22T13:59:55.336076Z
- Summary
- idpf: return 0 size for RSS key if not supported
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
idpf: return 0 size for RSS key if not supported
Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result.
-EOPNOTSUPP as a size probably will lead to allocation fail.
Command: ethtool -x eth0 It is visible on all devices that don't have RSS caps set.
[ 136.615917] Call Trace: [ 136.615921] <TASK> [ 136.615927] ? warn+0x89/0x130 [ 136.615942] ? _allocfrozenpagesnoprof+0x322/0x330 [ 136.615953] ? reportbug+0x164/0x190 [ 136.615968] ? handlebug+0x58/0x90 [ 136.615979] ? excinvalidop+0x17/0x70 [ 136.615987] ? asmexcinvalidop+0x1a/0x20 [ 136.616001] ? rssprepareget.constprop.0+0xb9/0x170 [ 136.616016] ? _allocfrozenpagesnoprof+0x322/0x330 [ 136.616028] _allocpagesnoprof+0xe/0x20 [ 136.616038] kmalloclargenode+0x80/0x110 [ 136.616072] _kmalloclargenodenoprof+0x1d/0xa0 [ 136.616081] _kmallocnoprof+0x32c/0x4c0 [ 136.616098] ? rssprepareget.constprop.0+0xb9/0x170 [ 136.616105] rssprepareget.constprop.0+0xb9/0x170 [ 136.616114] ethnldefaultdoit+0x107/0x3d0 [ 136.616131] genlfamilyrcvmsgdoit+0x100/0x160 [ 136.616147] genlrcvmsg+0x1b8/0x2c0 [ 136.616156] ? _pfxethnldefaultdoit+0x10/0x10 [ 136.616168] ? _pfxgenlrcvmsg+0x10/0x10 [ 136.616176] netlinkrcvskb+0x58/0x110 [ 136.616186] genlrcv+0x28/0x40 [ 136.616195] netlinkunicast+0x19b/0x290 [ 136.616206] netlinksendmsg+0x222/0x490 [ 136.616215] _syssendto+0x1fd/0x210 [ 136.616233] _x64syssendto+0x24/0x30 [ 136.616242] dosyscall64+0x82/0x160 [ 136.616252] ? _sysrecvmsg+0x83/0xe0 [ 136.616265] ? syscallexittousermode+0x10/0x210 [ 136.616275] ? dosyscall64+0x8e/0x160 [ 136.616282] ? _countmemcgevents+0xa1/0x130 [ 136.616295] ? countmemcgevents.constprop.0+0x1a/0x30 [ 136.616306] ? handlemmfault+0xae/0x2d0 [ 136.616319] ? douseraddrfault+0x379/0x670 [ 136.616328] ? clearbhbloop+0x45/0xa0 [ 136.616340] ? clearbhbloop+0x45/0xa0 [ 136.616349] ? clearbhbloop+0x45/0xa0 [ 136.616359] entrySYSCALL64afterhwframe+0x76/0x7e [ 136.616369] RIP: 0033:0x7fd30ba7b047 [ 136.616376] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d bd d5 0c 00 00 41 89 ca 74 10 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 71 c3 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 [ 136.616381] RSP: 002b:00007ffde1796d68 EFLAGS: 00000202 ORIGRAX: 000000000000002c [ 136.616388] RAX: ffffffffffffffda RBX: 000055d7bd89f2a0 RCX: 00007fd30ba7b047 [ 136.616392] RDX: 0000000000000028 RSI: 000055d7bd89f3b0 RDI: 0000000000000003 [ 136.616396] RBP: 00007ffde1796e10 R08: 00007fd30bb4e200 R09: 000000000000000c [ 136.616399] R10: 0000000000000000 R11: 0000000000000202 R12: 000055d7bd89f340 [ 136.616403] R13: 000055d7bd89f3b0 R14: 000055d78943f200 R15: 0000000000000000
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bbFixed018ff57fd79c38be989b8b3248bbe69bcfb77160
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bbFixed326e384ee7acbebf0541ac064ac7a4dd1f1dde1d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bbFixedf77bf1ebf8ff6301ccdbc346f7b52db928f9cbf8