{"id":"AZL-64553","summary":"CVE-2025-38112 affecting package kernel for versions less than 6.6.96.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.","modified":"2026-04-01T05:20:49.130821Z","published":"2025-07-03T09:15:24Z","upstream":["CVE-2025-38112"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38112"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.96.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64553.json"}}],"schema_version":"1.7.5"}