CVE-2025-38608 | bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

Published: 2025-08-19 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Conclusion & alert: CVE-2025-38608 is rated Low Risk (24.1/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.16%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-38608

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.02% 0.16% +0.14%
2 2026-01-08 0.05% 0.02% -0.03%
3 2025-08-29 0.05%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-38608

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
1.8 3.6 [email protected]

Weakness enumeration for CVE-2025-38608

OS Trackers for CVE-2025-38608

vendor priority summary link
debian not yet assigned CVE-2025-38608 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. https://security-tracker.debian.org/tracker/CVE-2025-38608
redhat low https://access.redhat.com/security/cve/CVE-2025-38608
suse high CVE-2025-38608 severity important: SUSE including 620 source package names (13.2-9.1:libgcrypt20-1.10.3-slfo.1.1_2.1, 13.2-9.1:libip4tc2-1.8.9-4.1, …), 1550 product×package rows across 351 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (351 product lines)): Fixed 1272, Known Affected 226, Known Not Affected 30, First Fixed 22. https://www.suse.com/security/cve/CVE-2025-38608/
ubuntu medium CVE-2025-38608 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, released 165, ignored 161, not-affected 41, needed 26, needs-triage 2, pending 2. https://ubuntu.com/security/CVE-2025-38608

Affected software / configurations for CVE-2025-38608

Vendor Product Version Raw CPE
linux linux_kernel >= 5.0, < 5.4.297 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.5, < 5.10.241 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.11, < 5.15.190 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.16, < 6.1.148 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.2, < 6.6.102 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.7, < 6.12.42 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.13, < 6.15.10 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.16, < 6.16.1 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debian debian_linux 11.0 cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References for CVE-2025-38608

URL Tags
https://git.kernel.org/stable/c/0e853c1464bcf61207f8b5c32d2ac5ee495e859d Patch
https://git.kernel.org/stable/c/16aca8bb4ad0d8a13c8b6da4007f4e52d53035bb Patch
https://git.kernel.org/stable/c/178f6a5c8cb3b6be1602de0964cd440243f493c9 Patch
https://git.kernel.org/stable/c/1e480387d4b42776f8957fb148af9d75ce93b96d Patch
https://git.kernel.org/stable/c/6ba20ff3cdb96a908b9dc93cf247d0b087672e7c Patch
https://git.kernel.org/stable/c/73fc5d04009d3969ff8e8574f0fd769f04124e59 Patch
https://git.kernel.org/stable/c/849d24dc5aed45ebeb3490df429356739256ac40 Patch
https://git.kernel.org/stable/c/90d6ef67440cec2a0aad71a0108c8f216437345c Patch
https://git.kernel.org/stable/c/ee03766d79de0f61ea29ffb6ab1c7b196ea1b02e Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory
cvelogic Threat Intelligence