CVE-2025-38514 – Linux Kernel rxrpc NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-38514

Published : Aug. 16, 2025, 11:15 a.m. | 45 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix oops due to non-existence of prealloc backlog struct

If an AF_RXRPC service socket is opened and bound, but calls are
preallocated, then rxrpc_alloc_incoming_call() will oops because the
rxrpc_backlog struct doesn’t get allocated until the first preallocation is
made.

Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no
backlog struct. This will cause the incoming call to be aborted.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…