CVE-2025-38112

Our Analysis: Embedded

Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.

Published Date July 3, 2025
Last Modified July 3, 2025
CVSS Vector Not Available

Description

In the Linux kernel, the following vulnerability has been resolved:

net: Fix TOCTOU issue in sk_is_readable()

sk->sk_prot->sock_is_readable is a valid function pointer when sk resides
in a sockmap. After the last sk_psock_put() (which usually happens when
socket is removed from sockmap), sk->sk_prot gets restored and
sk->sk_prot->sock_is_readable becomes NULL.

This makes sk_is_readable() racy if the value of sk->sk_prot is reloaded
after the initial check, which in turn may lead to a null pointer
dereference.

Ensure the function pointer does not turn NULL after the check.