[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-38124":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":34,"epss":9,"epss_history":35,"metrics":36,"affected":43},"DEBIAN-CVE-2025-38124","In the Linux kernel, the following vulnerability has been resolved:  net: fix udp gso skb_segment after pull from frag_list  Commit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after pull from frag_list\") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets with modified geometry can also hit bugs in that code. We don't know how many such cases exist. Addressing each one by one also requires touching the complex skb_segment code, which risks introducing bugs for other types of skbs. Instead, linearize all these packets that fail the basic invariants on gso fraglist skbs. That is more robust.  If only part of the fraglist payload is pulled into head_skb, it will always cause exception when splitting skbs by skb_segment. For detailed call stack information, see below.  Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size  Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify fraglist skbs, breaking these invariants.  In extreme cases they pull one part of data into skb linear. For UDP, this  causes three payloads with lengths of (11,11,10) bytes were pulled tail to become (12,10,10) bytes.  The skbs no longer meets the above SKB_GSO_FRAGLIST conditions because payload was pulled into head_skb, it needs to be linearized before pass to regular skb_segment.      skb_segment+0xcd0/0xd14     __udp_gso_segment+0x334/0x5f4     udp4_ufo_fragment+0x118/0x15c     inet_gso_segment+0x164/0x338     skb_mac_gso_segment+0xc4/0x13c     __skb_gso_segment+0xc4/0x124     validate_xmit_skb+0x9c/0x2c0     validate_xmit_skb_list+0x4c/0x80     sch_direct_xmit+0x70/0x404     __dev_queue_xmit+0x64c/0xe5c     neigh_resolve_output+0x178/0x1c4     ip_finish_output2+0x37c/0x47c     __ip_finish_output+0x194/0x240     ip_finish_output+0x20/0xf4     ip_output+0x100/0x1a0     NF_HOOK+0xc4/0x16c     ip_forward+0x314/0x32c     ip_rcv+0x90/0x118     __netif_receive_skb+0x74/0x124     process_backlog+0xe8/0x1a4     __napi_poll+0x5c/0x1f8     net_rx_action+0x154/0x314     handle_softirqs+0x154/0x4b8      [118.376811] [C201134] rxq0_pus: [name:bug&]kernel BUG at net/core/skbuff.c:4278!     [118.376829] [C201134] rxq0_pus: [name:traps&]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP     [118.470774] [C201134] rxq0_pus: [name:mrdump&]Kernel Offset: 0x178cc00000 from 0xffffffc008000000     [118.470810] [C201134] rxq0_pus: [name:mrdump&]PHYS_OFFSET: 0x40000000     [118.470827] [C201134] rxq0_pus: [name:mrdump&]pstate: 60400005 (nZCv daif +PAN -UAO)     [118.470848] [C201134] rxq0_pus: [name:mrdump&]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14     [118.470900] [C201134] rxq0_pus: [name:mrdump&]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14     [118.470928] [C201134] rxq0_pus: [name:mrdump&]sp : ffffffc008013770",null,[],[],[],[14],{"_key":15},"CVE-2025-38124",[17,19],{"_key":18},"DLA-4328-1",{"_key":20},"DSA-5973-1",[],[],"2025-07-03T09:15:26.547Z","2026-04-28T20:29:52.799510Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28],{"url":29,"sources":30,"tags":32},"https://security-tracker.debian.org/tracker/CVE-2025-38124",[31],"osv_debian",[33],"Advisory",[],[],[37],{"source":31,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":38,"cvss_v4_0":9},{"baseScore":39,"baseSeverity":9,"vectorString":40,"impactScore":41,"exploitabilityScore":42},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[44,60],{"ecosystem":45,"name":46,"vendor":47,"product":46,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":46,"source":9,"versions":49},"Debian","linux","debian","deb",[50,56,59],{"version":51,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt6_1_147_1",true,"ecosystem","6.1.147-1","excluding",{"version":57,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},"lt6_12_35_1","6.12.35-1",{"version":57,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},{"ecosystem":45,"name":61,"vendor":47,"product":61,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":61,"source":9,"versions":62},"linux-6.1",[63],{"version":64,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":55,"fixed_in":9},"lt6_1_153_1~deb11u1","6.1.153-1~deb11u1"]