In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix client side handling of tls alerts
A security exploit was discovered in NFS over TLS in tls_alert_recv() due to its assumption that there is valid data in the msghdr's iterator's kvec.
Instead, this patch proposes to rework how control messages are set up and used by sock_recvmsg().
If no control message structure is set up, the kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it returns an error. At that point, NFS can set up a kvec-backed control buffer and read in the control message, such as a TLS alert. Scott found that a msg iterator can advance the kvec pointer as part of the copy process, so the iterator needs to be reverted before calling into tls_alert_recv().
[
{
"id": "CVE-2025-38571-181af4eb",
"signature_version": "v1",
"digest": {
"length": 456.0,
"function_hash": "108180256985048774168976689219081550900"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee397eaaca4fa04db21bb98c8f1d0c6cc525368",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_process_cmsg"
}
},
{
"id": "CVE-2025-38571-1956faa3",
"signature_version": "v1",
"digest": {
"length": 186.0,
"function_hash": "96541166425456468594235177589196006286"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_read_discard"
}
},
{
"id": "CVE-2025-38571-27faa244",
"signature_version": "v1",
"digest": {
"length": 240.0,
"function_hash": "37303765468951966139158578463223751986"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c36b2fbd60e8f9c6f975522130998608880c93be",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recvmsg"
}
},
{
"id": "CVE-2025-38571-2ae3f0c0",
"signature_version": "v1",
"digest": {
"length": 240.0,
"function_hash": "37303765468951966139158578463223751986"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee397eaaca4fa04db21bb98c8f1d0c6cc525368",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recvmsg"
}
},
{
"id": "CVE-2025-38571-2d072085",
"signature_version": "v1",
"digest": {
"length": 186.0,
"function_hash": "96541166425456468594235177589196006286"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee397eaaca4fa04db21bb98c8f1d0c6cc525368",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_read_discard"
}
},
{
"id": "CVE-2025-38571-3ba38369",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274960498545438886651756898143076429876",
"172005131145743593323662995617052312705",
"300440360651925455454888766156482643059",
"233392619276452217478851696401348585582",
"64857348452877161871968368003990083497",
"49954374446056388033908637295292900120",
"174067414190030410728793318109434716806",
"256080730358938640177641361010569742468",
"96381509872150522308177515319166110795",
"195804790475145819780174496775845857505",
"311895442398741198175813605250599405464",
"96692766950039895524065458772370409071",
"177230114312732745583483190238398185058",
"241012948127763046025031175235390218234",
"316441501820847013214464175743787296341",
"333122383944845281460213259471911669905",
"239882688155146604605618935664203729154",
"11299254975912085819535800640636546721",
"309844061234959507754444993996608311576",
"175240341245460953887033459190200654798",
"68122837874103881204822803264776641615",
"203770549584759125315476493443572244764",
"237439788536688211256210695849879688439",
"113763081174711626765081439223025034766",
"280750114814295234214329933224547686434",
"251264189439185838892108062351525058495",
"98842434435308299318776350911343668440",
"247975170983365460379598776742192512647",
"132662696340691302927472811352159957274",
"135198693685026110559082599047702147560",
"202994932661242349825731060488362827850"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3feada5baf4dc96e151ff2ca54630e1d274e5458",
"target": {
"file": "net/sunrpc/xprtsock.c"
}
},
{
"id": "CVE-2025-38571-3bcf4e5c",
"signature_version": "v1",
"digest": {
"length": 400.0,
"function_hash": "234532827898409866504458428948473062845"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c36b2fbd60e8f9c6f975522130998608880c93be",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recv_cmsg"
}
},
{
"id": "CVE-2025-38571-3e6d8b07",
"signature_version": "v1",
"digest": {
"length": 186.0,
"function_hash": "96541166425456468594235177589196006286"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c36b2fbd60e8f9c6f975522130998608880c93be",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_read_discard"
}
},
{
"id": "CVE-2025-38571-5555c70e",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274960498545438886651756898143076429876",
"172005131145743593323662995617052312705",
"300440360651925455454888766156482643059",
"233392619276452217478851696401348585582",
"64857348452877161871968368003990083497",
"49954374446056388033908637295292900120",
"174067414190030410728793318109434716806",
"256080730358938640177641361010569742468",
"96381509872150522308177515319166110795",
"195804790475145819780174496775845857505",
"311895442398741198175813605250599405464",
"96692766950039895524065458772370409071",
"177230114312732745583483190238398185058",
"241012948127763046025031175235390218234",
"316441501820847013214464175743787296341",
"333122383944845281460213259471911669905",
"239882688155146604605618935664203729154",
"11299254975912085819535800640636546721",
"309844061234959507754444993996608311576",
"175240341245460953887033459190200654798",
"68122837874103881204822803264776641615",
"203770549584759125315476493443572244764",
"237439788536688211256210695849879688439",
"113763081174711626765081439223025034766",
"280750114814295234214329933224547686434",
"251264189439185838892108062351525058495",
"98842434435308299318776350911343668440",
"247975170983365460379598776742192512647",
"132662696340691302927472811352159957274",
"135198693685026110559082599047702147560",
"202994932661242349825731060488362827850"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee397eaaca4fa04db21bb98c8f1d0c6cc525368",
"target": {
"file": "net/sunrpc/xprtsock.c"
}
},
{
"id": "CVE-2025-38571-5c5d80f9",
"signature_version": "v1",
"digest": {
"length": 400.0,
"function_hash": "234532827898409866504458428948473062845"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee397eaaca4fa04db21bb98c8f1d0c6cc525368",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recv_cmsg"
}
},
{
"id": "CVE-2025-38571-5e49b1d4",
"signature_version": "v1",
"digest": {
"length": 186.0,
"function_hash": "96541166425456468594235177589196006286"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3feada5baf4dc96e151ff2ca54630e1d274e5458",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_read_discard"
}
},
{
"id": "CVE-2025-38571-62ff16ba",
"signature_version": "v1",
"digest": {
"length": 240.0,
"function_hash": "37303765468951966139158578463223751986"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recvmsg"
}
},
{
"id": "CVE-2025-38571-7f65e153",
"signature_version": "v1",
"digest": {
"length": 456.0,
"function_hash": "108180256985048774168976689219081550900"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c36b2fbd60e8f9c6f975522130998608880c93be",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_process_cmsg"
}
},
{
"id": "CVE-2025-38571-922fd59b",
"signature_version": "v1",
"digest": {
"length": 400.0,
"function_hash": "234532827898409866504458428948473062845"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recv_cmsg"
}
},
{
"id": "CVE-2025-38571-95380164",
"signature_version": "v1",
"digest": {
"length": 456.0,
"function_hash": "108180256985048774168976689219081550900"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3feada5baf4dc96e151ff2ca54630e1d274e5458",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_process_cmsg"
}
},
{
"id": "CVE-2025-38571-b806c699",
"signature_version": "v1",
"digest": {
"length": 456.0,
"function_hash": "108180256985048774168976689219081550900"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_process_cmsg"
}
},
{
"id": "CVE-2025-38571-bed4cc45",
"signature_version": "v1",
"digest": {
"length": 400.0,
"function_hash": "234532827898409866504458428948473062845"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3feada5baf4dc96e151ff2ca54630e1d274e5458",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recv_cmsg"
}
},
{
"id": "CVE-2025-38571-cae067d7",
"signature_version": "v1",
"digest": {
"length": 240.0,
"function_hash": "37303765468951966139158578463223751986"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3feada5baf4dc96e151ff2ca54630e1d274e5458",
"target": {
"file": "net/sunrpc/xprtsock.c",
"function": "xs_sock_recvmsg"
}
},
{
"id": "CVE-2025-38571-d28fc729",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274960498545438886651756898143076429876",
"172005131145743593323662995617052312705",
"300440360651925455454888766156482643059",
"233392619276452217478851696401348585582",
"64857348452877161871968368003990083497",
"49954374446056388033908637295292900120",
"174067414190030410728793318109434716806",
"256080730358938640177641361010569742468",
"96381509872150522308177515319166110795",
"195804790475145819780174496775845857505",
"311895442398741198175813605250599405464",
"96692766950039895524065458772370409071",
"177230114312732745583483190238398185058",
"241012948127763046025031175235390218234",
"316441501820847013214464175743787296341",
"333122383944845281460213259471911669905",
"239882688155146604605618935664203729154",
"11299254975912085819535800640636546721",
"309844061234959507754444993996608311576",
"175240341245460953887033459190200654798",
"68122837874103881204822803264776641615",
"203770549584759125315476493443572244764",
"237439788536688211256210695849879688439",
"113763081174711626765081439223025034766",
"280750114814295234214329933224547686434",
"251264189439185838892108062351525058495",
"98842434435308299318776350911343668440",
"247975170983365460379598776742192512647",
"132662696340691302927472811352159957274",
"135198693685026110559082599047702147560",
"202994932661242349825731060488362827850"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c36b2fbd60e8f9c6f975522130998608880c93be",
"target": {
"file": "net/sunrpc/xprtsock.c"
}
},
{
"id": "CVE-2025-38571-f5658668",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274960498545438886651756898143076429876",
"172005131145743593323662995617052312705",
"300440360651925455454888766156482643059",
"233392619276452217478851696401348585582",
"64857348452877161871968368003990083497",
"49954374446056388033908637295292900120",
"174067414190030410728793318109434716806",
"256080730358938640177641361010569742468",
"96381509872150522308177515319166110795",
"195804790475145819780174496775845857505",
"311895442398741198175813605250599405464",
"96692766950039895524065458772370409071",
"177230114312732745583483190238398185058",
"241012948127763046025031175235390218234",
"316441501820847013214464175743787296341",
"333122383944845281460213259471911669905",
"239882688155146604605618935664203729154",
"11299254975912085819535800640636546721",
"309844061234959507754444993996608311576",
"175240341245460953887033459190200654798",
"68122837874103881204822803264776641615",
"203770549584759125315476493443572244764",
"237439788536688211256210695849879688439",
"113763081174711626765081439223025034766",
"280750114814295234214329933224547686434",
"251264189439185838892108062351525058495",
"98842434435308299318776350911343668440",
"247975170983365460379598776742192512647",
"132662696340691302927472811352159957274",
"135198693685026110559082599047702147560",
"202994932661242349825731060488362827850"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95",
"target": {
"file": "net/sunrpc/xprtsock.c"
}
}
]