Fixed
Created: Jul 28, 2025
Updated: Aug 10, 2025
Resolved Date: Aug 10, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

netlink: Fix wraparounds of sk->sk_rmem_alloc.

Netlink has this pattern in some places

  if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
  	atomic_add(skb->truesize, &sk->sk_rmem_alloc);

, which has the same problem fixed by commit 5a465a0da13e ("udp:
Fix multiple wraparounds of sk->sk_rmem_alloc.").

For example, if we set INT_MAX to SO_RCVBUFFORCE, the condition
is always false as the two operands are of int.

Then, a single socket can eat as many skb as possible until OOM
happens, and we can see multiple wraparounds of sk->sk_rmem_alloc.

Let's fix it by using atomic_add_return() and comparing the two
variables as unsigned int.

Before:
  [root@fedora ~]# ss -f netlink
  Recv-Q      Send-Q Local Address:Port          Peer Address:Port
  -1668710080 0      rtnl:nl_wraparound/293      *

After:
  [root@fedora ~]# ss -f netlink
  Recv-Q      Send-Q Local Address:Port          Peer Address:Port
  2147483072  0      rtnl:nl_wraparound/290      *
  ^
  `--- INT_MAX - 576
CVE-2025-38465 (https://nvd.nist.gov/vuln/detail/CVE-2025-38465)
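The signed comparison described in the commit message, modelled in userspace C beside the unsigned form of the fix. This is an added example, not kernel code and not part of the original record; the struct, the function names, the 4096-byte truesize and the skb count are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Userspace model of the two socket fields; both are signed int underneath. */
struct sock_model {
    int sk_rmem_alloc;  /* atomic_t in the kernel */
    int sk_rcvbuf;
};
typedef int (*queue_fn)(struct sock_model *, unsigned int);

/* Wrapping add standing in for atomic_add(); unsigned math avoids C UB. */
static int wrap_add(int a, unsigned int b)
{
    return (int)((unsigned int)a + b);
}

/* Old pattern: signed check, then charge. With sk_rcvbuf == INT_MAX the
 * check can never be true, so every skb is accepted. Returns 1 if queued. */
static int queue_old(struct sock_model *sk, unsigned int truesize)
{
    if (sk->sk_rmem_alloc > sk->sk_rcvbuf)
        return 0;
    sk->sk_rmem_alloc = wrap_add(sk->sk_rmem_alloc, truesize);
    return 1;
}

/* Fixed pattern: charge first (atomic_add_return() in the fix), compare as
 * unsigned int. In this model a rejected charge is simply not committed. */
static int queue_new(struct sock_model *sk, unsigned int truesize)
{
    unsigned int rmem = (unsigned int)wrap_add(sk->sk_rmem_alloc, truesize);
    unsigned int rcvbuf = (unsigned int)sk->sk_rcvbuf;
    if (rmem > rcvbuf)
        return 0;
    sk->sk_rmem_alloc = (int)rmem;
    return 1;
}

/* Offer n skbs of truesize bytes each; return how many were accepted. */
static long flood(queue_fn queue, struct sock_model *sk, long n, unsigned int truesize)
{
    long accepted = 0;
    for (long i = 0; i < n; i++)
        accepted += queue(sk, truesize);
    return accepted;
}

int main(void)
{
    struct sock_model a = {0, INT_MAX}, b = {0, INT_MAX};
    long old_n = flood(queue_old, &a, 600000, 4096);
    long new_n = flood(queue_new, &b, 600000, 4096);
    printf("old: accepted=%ld rmem=%d\n", old_n, a.sk_rmem_alloc);
    printf("new: accepted=%ld rmem=%d\n", new_n, b.sk_rmem_alloc);
    return 0;
}
```

The old path ends with a negative counter, matching the negative Recv-Q in the "Before" output, while the fixed path stops accepting just below INT_MAX.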