CVE-2025-38190 Affecting kernel-zfcpdump-devel-matched package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-KERNELZFCPDUMPDEVELMATCHED-10648019
  • published7 Jul 2025
  • disclosed4 Jul 2025

Introduced: 4 Jul 2025

NewCVE-2025-38190  (opens in a new tab)

How to fix?

There is no fixed version for Centos:9 kernel-zfcpdump-devel-matched.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-devel-matched package and not the kernel-zfcpdump-devel-matched package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

atm: Revert atm_account_tx() if copy_from_iter_full() fails.

In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx().

It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb).

However, vcc_sendmsg() misses the same revert when copy_from_iter_full() fails, and then we will leak a socket.

Let's factorise the revert part as atm_return_tx() and call it in the failure path.

Note that the corresponding sk_wmem_alloc operation can be found in alloc_tx() as of the blamed commit.

$ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~

CVSS Base Scores

version 3.1