Acknowledged
Created: Jun 19, 2025
Updated: Jun 20, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]net/tls: fix kernel panic when alloc_page failed[EOL][EOL]We cannot set frag_list to NULL pointer when alloc_page failed.[EOL]It will be used in tls_strp_check_queue_ok when the next time[EOL]tls_strp_read_sock is called.[EOL][EOL]This is because we don't reset full_len in tls_strp_flush_anchor_copy()[EOL]so the recv path will try to continue handling the partial record[EOL]on the next call but we dettached the rcvq from the frag list.[EOL]Alternative fix would be to reset full_len.[EOL][EOL]Unable to handle kernel NULL pointer dereference[EOL]at virtual address 0000000000000028[EOL] Call trace:[EOL] tls_strp_check_rcv+0x128/0x27c[EOL] tls_strp_data_ready+0x34/0x44[EOL] tls_data_ready+0x3c/0x1f0[EOL] tcp_data_ready+0x9c/0xe4[EOL] tcp_data_queue+0xf6c/0x12d0[EOL] tcp_rcv_established+0x52c/0x798
CREATE(Triage):(User=lchen-cn) [CVE-2025-38018 (https://nvd.nist.gov/vuln/detail/CVE-2025-38018)
