{"id":"CVE-2025-38571","summary":"sunrpc: fix client side handling of tls alerts","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix client side handling of tls alerts\n\nA security exploit was discovered in NFS over TLS in tls_alert_recv\ndue to its assumption that there is valid data in the msghdr's\niterator's kvec.\n\nInstead, this patch proposes the rework how control messages are\nsetup and used by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a kvec\nbacked control buffer and read in the control message such as a TLS\nalert. Scott found that a msg iterator can advance the kvec pointer\nas a part of the copy process thus we need to revert the iterator\nbefore calling into the tls_alert_recv.","modified":"2026-03-20T12:42:55.468996Z","published":"2025-08-19T17:02:51.620Z","related":["ALSA-2025:18281","ALSA-2025:18318","MGASA-2025-0234","MGASA-2025-0235","SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38571.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3ee397eaaca4fa04db21bb98c8f1d0c6cc525368"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3feada5baf4dc96e151ff2ca54630e1d274e5458"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c36b2fbd60e8f9c6f975522130998608880c93be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc5d59081fa26506d02de2127ab822f40d88bc5a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38571.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38571"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dea034b963c8901bdcc3d3880c04f0d75c95112f"},{"fixed":"a55b3d15331859d9fdd261cfa6d34ca2aeb0fb95"},{"fixed":"c36b2fbd60e8f9c6f975522130998608880c93be"},{"fixed":"3ee397eaaca4fa04db21bb98c8f1d0c6cc525368"},{"fixed":"3feada5baf4dc96e151ff2ca54630e1d274e5458"},{"fixed":"cc5d59081fa26506d02de2127ab822f40d88bc5a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38571.json"}}],"schema_version":"1.7.5"}