{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:20:00.354","vulnerabilities":[{"cve":{"id":"CVE-2025-38571","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-19T17:15:33.960","lastModified":"2025-11-26T20:03:06.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix client side handling of tls alerts\n\nA security exploit was discovered in NFS over TLS in tls_alert_recv\ndue to its assumption that there is valid data in the msghdr's\niterator's kvec.\n\nInstead, this patch proposes the rework how control messages are\nsetup and used by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a kvec\nbacked control buffer and read in the control message such as a TLS\nalert. Scott found that a msg iterator can advance the kvec pointer\nas a part of the copy process thus we need to revert the iterator\nbefore calling into the tls_alert_recv."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sunrpc: arregla el manejo del lado del cliente de las alertas tls Se descubrió un exploit de seguridad en NFS sobre TLS en tls_alert_recv debido a su suposición de que hay datos válidos en el kvec del iterador de msghdr. En cambio, este parche propone volver a trabajar en cómo se configuran y utilizan los mensajes de control por sock_recvmsg(). Si no se configura ninguna estructura de mensaje de control, la capa kTLS leerá y procesará los tipos de registros de datos TLS. Tan pronto como encuentre un mensaje de control TLS, devolverá un error. En ese punto, NFS puede configurar un búfer de control respaldado por kvec y leer el mensaje de control como una alerta TLS. Scott encontró que un iterador msg puede avanzar el puntero kvec como parte del proceso de copia, por lo tanto, necesitamos revertir el iterador antes de llamar a tls_alert_recv."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.102","matchCriteriaId":"CDBF16D8-C01C-4F6B-ABE0-F7DED4C98BCB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.42","matchCriteriaId":"EA7AA5E6-4376-4A85-A021-6ACC5FF801C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.10","matchCriteriaId":"5890C690-B295-40C2-9121-FF5F987E5142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.16.1","matchCriteriaId":"58182352-D7DF-4CC9-841E-03C1D852C3FB"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3ee397eaaca4fa04db21bb98c8f1d0c6cc525368","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3feada5baf4dc96e151ff2ca54630e1d274e5458","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c36b2fbd60e8f9c6f975522130998608880c93be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc5d59081fa26506d02de2127ab822f40d88bc5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}