CVE-2025-38148

In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step timestamping.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17	Patch
https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361	Patch
https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001	Patch
https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56	Patch
https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d	Patch
https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-03 09:15

Updated : 2025-12-18 21:06

NVD link : CVE-2025-38148

Mitre link : CVE-2025-38148

CVE.ORG link : CVE-2025-38148

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2025-38148", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-03T09:15:29.703", "references": [{"url": "https://git.kernel.org/stable/c/0b40aeaf83ca04d4c9801e235b7533400c8b5f17", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/24b24295464f25fb771d36ed558c7cd942119361", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/66abe22017522dd56b820e41ca3a5b131a637001", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/846992645b25ec4253167e3f931e4597eb84af56", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cdbabd316c5a4a9b0fda6aafe491e2db17fbb95d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/db2a12ddd3a31f668137ff6a4befc1343c79cbc4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: mscc: Se corrige la p\u00e9rdida de memoria al usar el sellado de tiempo de un paso. Al ejecutar el sellado de tiempo de sincronizaci\u00f3n de un paso, el hardware est\u00e1 configurado para insertar la hora de transmisi\u00f3n en la trama, por lo que ya no hay raz\u00f3n para mantener el skb. Como en este caso, el hardware nunca generar\u00e1 una interrupci\u00f3n para indicar que la trama fue sellada, esta nunca se liberar\u00e1. Se corrige liberando la trama en caso de sellado de tiempo de un paso."}], "lastModified": "2025-12-18T21:06:51.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49EEF657-80AD-46E2-8CA5-C96EFA630696", "versionEndExcluding": "5.15.192", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "304E3F01-7D7A-4908-994E-7F95C5C00B06", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}