CVE-2025-38616: tls: handle data disappearing from under the TLS ULP

Published Aug 22, 2025
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

tls: handle data disappearing from under the TLS ULP

TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses some non-standard read API (eg. zerocopy ones). Replace the WARNON() and a buggy early exit (which leaves anchor pointing to a freed skb) with real error handling. Wipe the parsing state and tell the reader to retry.

We already reload the anchor every time we (re)acquire the socket lock, so the only condition we need to avoid is an out of bounds read (not having enough bytes in the socket for previously parsed record len).

If some data was read from under TLS but there's enough in the queue we'll reload and decrypt what is most likely not a valid TLS record. Leading to some undefined behavior from TLS perspective (corrupting a stream? missing an alert? missing an attack?) but no kernel crash should take place.

Affected Software

6 affected components
Linux Linux kernel
Linux Linux kernel>=6.0<6.6.103
Linux Linux kernel>=6.7<6.12.43
Linux Linux kernel>=6.13<6.15.11
Linux Linux kernel>=6.16<6.16.2
Linux Linux kernel=6.17-rc1

Remediation

Patch Available

https://git.kernel.org/stable/c/2fb97ed9e2672b4f6e24ce206ac1a875ce4bcb38

Patch Available

https://git.kernel.org/stable/c/6db015fc4b5d5f63a64a193f65d98da3a7fc811d

Patch Available

https://git.kernel.org/stable/c/db3658a12d5ec4db7185ae7476151a50521b7207

Patch Available

https://git.kernel.org/stable/c/eb0336f213fe88bbdb7d2b19c9c9ec19245a3155

Patch Available

https://git.kernel.org/stable/c/f1fe99919f629f980d0b8a7ff16950bffe06a859

Event History

Aug 22, 2025
CVE Published
via MITRE·01:01 PM
Data Sourced
via MITRE·01:01 PM
Description
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-38616?

CVE-2025-38616 has been classified as a moderate severity vulnerability in the Linux kernel.

2

How do I fix CVE-2025-38616?

To fix CVE-2025-38616, update your Linux kernel to the latest stable version where the vulnerability has been resolved.

3

What type of vulnerability is CVE-2025-38616?

CVE-2025-38616 is a data handling vulnerability related to the TLS user-level protocol in the Linux kernel.

4

Which systems are affected by CVE-2025-38616?

CVE-2025-38616 affects various versions of the Linux kernel that utilize the TLS user-level protocol.

5

Is CVE-2025-38616 publicly known?

Yes, CVE-2025-38616 is a publicly documented vulnerability and is listed in the Common Vulnerabilities and Exposures database.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203