CVE-2025-37894
Description
In the Linux kernel, the following vulnerability has been resolved:net: use sock_gen_put() when sk_state is TCP_TIME_WAITIt is possible for a pointer of type struct inet_timewait_sock to bereturned from the functions __inet_lookup_established() and__inet6_lookup_established(). This can cause a crash when thereturned pointer is of type struct inet_timewait_sock andsock_put() is called on it. The following is a crash call stack thatshows sk->sk_wmem_alloc being accessed in sk_free() during the call tosock_put() on a struct inet_timewait_sock pointer. To avoid this issue,use sock_gen_put() instead of sock_put() when sk->sk_stateis TCP_TIME_WAIT.mrdump.ko ipanic() + 120vmlinux notifier_call_chain(nr_to_call=-1, nr_calls=0) + 132vmlinux atomic_notifier_call_chain(val=0) + 56vmlinux panic() + 344vmlinux add_taint() + 164vmlinux end_report() + 136vmlinux kasan_report(size=0) + 236vmlinux report_tag_fault() + 16vmlinux do_tag_recovery() + 16vmlinux __do_kernel_fault() + 88vmlinux do_bad_area() + 28vmlinux do_tag_check_fault() + 60vmlinux do_mem_abort() + 80vmlinux el1_abort() + 56vmlinux el1h_64_sync_handler() + 124vmlinux > 0xFFFFFFC080011294()vmlinux __lse_atomic_fetch_add_release(v=0xF2FFFF82A896087C)vmlinux __lse_atomic_fetch_sub_release(v=0xF2FFFF82A896087C)vmlinux arch_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)+ 8vmlinux raw_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)+ 8vmlinux atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8vmlinux __refcount_sub_and_test(i=1, r=0xF2FFFF82A896087C,oldp=0) + 8vmlinux __refcount_dec_and_test(r=0xF2FFFF82A896087C, oldp=0) + 8vmlinux refcount_dec_and_test(r=0xF2FFFF82A896087C) + 8vmlinux sk_free(sk=0xF2FFFF82A8960700) + 28vmlinux sock_put() + 48vmlinux tcp6_check_fraglist_gro() + 236vmlinux tcp6_gro_receive() + 624vmlinux ipv6_gro_receive() + 912vmlinux dev_gro_receive() + 1116vmlinux napi_gro_receive() + 196ccmni.ko ccmni_rx_callback() + 208ccmni.ko ccmni_queue_recv_skb() + 388ccci_dpmaif.ko dpmaif_rxq_push_thread() + 1088vmlinux kthread() + 268vmlinux 0xFFFFFFC08001F30C()
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-1006-realtime_6.14.0-1006.6_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-1011-gcp_6.14.0-1011.11_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-24-generic_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-gcp_6.14.0-1011.11_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-gcp-6.14_6.14.0-1011.11_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic-6.14_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic-hwe-24.04_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-oem-24.04_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-oem-24.04a_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime_6.14.0-1006.6_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime-6.14_6.14.0-1006.6_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime-hwe-24.04_6.14.0-1006.6_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual-6.14_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual-hwe-24.04_6.14.0-24.24_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-6.14.0-1007-oem_6.14.0-1007.7_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-oem-24.04c_6.14.0-1007.7_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-oem-6.14_6.14.0-1007.7_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-6.14.0-1009-aws_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-aws_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-aws-6.14_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-6.14.0-1009-oracle_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-oracle_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-oracle-6.14_6.14.0-1009.9_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-6.14.0-1009-aws_6.14.0-1009.9~24.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-aws_6.14.0-1009.9~24.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-aws-6.14_6.14.0-1009.9~24.04.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234