Wind River Support Network

Acknowledged

LIN1023-13826 : Security Advisory - linux - CVE-2025-38190

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

atm: Revert atm_account_tx() if copy_from_iter_full() fails.

In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by
atm_account_tx().

It is expected to be reverted by atm_pop_raw() later called by
vcc->dev->ops->send(vcc, skb).

However, vcc_sendmsg() misses the same revert when copy_from_iter_full()
fails, and then we will leak a socket.

Let's factorise the revert part as atm_return_tx() and call it in
the failure path.

Note that the corresponding sk_wmem_alloc operation can be found in
alloc_tx() as of the blamed commit.

  $ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~
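
The accounting imbalance described above, as an added user-space model (not the kernel patch and not Wind River's code). The struct names, the 768-byte buffer size, the base count of 1 and the `fixed` switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space stand-ins; not the kernel's struct sock / sk_buff. */
struct sock_model { int sk_wmem_alloc; };
struct skb_model  { int truesize; };

/* Charge the buffer to the socket, as the advisory describes. */
static void atm_account_tx(struct sock_model *sk, const struct skb_model *skb)
{
    sk->sk_wmem_alloc += skb->truesize;
}

/* The factored-out revert: undo exactly what atm_account_tx() charged. */
static void atm_return_tx(struct sock_model *sk, const struct skb_model *skb)
{
    sk->sk_wmem_alloc -= skb->truesize;
}

/* copy_ok simulates copy_from_iter_full(); fixed selects the patched path. */
static int vcc_sendmsg_model(struct sock_model *sk, bool copy_ok, bool fixed)
{
    struct skb_model skb = { .truesize = 768 };  /* constructed size */

    atm_account_tx(sk, &skb);
    if (!copy_ok) {
        if (fixed)
            atm_return_tx(sk, &skb);  /* revert in the failure path */
        return -1;                    /* error return to the caller */
    }
    atm_return_tx(sk, &skb);  /* stands in for atm_pop_raw() via ->send() */
    return 0;
}

/* Charge still held after one send; nonzero means the counter can never
 * drop to zero, so the socket is never freed. */
static int residual_charge(bool copy_ok, bool fixed)
{
    struct sock_model sk = { .sk_wmem_alloc = 1 };  /* assumed base count */
    vcc_sendmsg_model(&sk, copy_ok, fixed);
    return sk.sk_wmem_alloc - 1;
}

int main(void)
{
    printf("unfixed, copy fails: %d\n", residual_charge(false, false));
    printf("fixed,   copy fails: %d\n", residual_charge(false, true));
    return 0;
}
```

Each failed copy on the unfixed path leaves one buffer's worth of charge behind, so the residue grows with every failing call.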

CREATE(Triage):(User=admin) [CVE-2025-38190 (https://nvd.nist.gov/vuln/detail/CVE-2025-38190)