vulnerability
Amazon Linux 2023: CVE-2025-38608: Important priority package update for kernel (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Aug 19, 2025 | Sep 30, 2025 | Oct 16, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Aug 19, 2025
Added
Sep 30, 2025
Modified
Oct 16, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
When sending plaintext data, we initially calculated the corresponding
ciphertext length. However, if we later reduced the plaintext data length
via socket policy, we failed to recalculate the ciphertext length.
This results in transmitting buffers containing uninitialized data during
ciphertext transmission.
This causes uninitialized bytes to be appended after a complete
"Application Data" packet, leading to errors on the receiving end when
parsing TLS record.
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
When sending plaintext data, we initially calculated the corresponding
ciphertext length. However, if we later reduced the plaintext data length
via socket policy, we failed to recalculate the ciphertext length.
This results in transmitting buffers containing uninitialized data during
ciphertext transmission.
This causes uninitialized bytes to be appended after a complete
"Application Data" packet, leading to errors on the receiving end when
parsing TLS record.
Solutions
amazon-linux-2023-upgrade-bpftoolamazon-linux-2023-upgrade-bpftool6-12amazon-linux-2023-upgrade-bpftool6-12-debuginfoamazon-linux-2023-upgrade-bpftool-debuginfoamazon-linux-2023-upgrade-kernelamazon-linux-2023-upgrade-kernel6-12amazon-linux-2023-upgrade-kernel6-12-debuginfoamazon-linux-2023-upgrade-kernel6-12-debuginfo-common-aarch64amazon-linux-2023-upgrade-kernel6-12-debuginfo-common-x86-64amazon-linux-2023-upgrade-kernel6-12-develamazon-linux-2023-upgrade-kernel6-12-headersamazon-linux-2023-upgrade-kernel6-12-libbpfamazon-linux-2023-upgrade-kernel6-12-libbpf-debuginfoamazon-linux-2023-upgrade-kernel6-12-libbpf-develamazon-linux-2023-upgrade-kernel6-12-libbpf-staticamazon-linux-2023-upgrade-kernel6-12-modules-extraamazon-linux-2023-upgrade-kernel6-12-modules-extra-commonamazon-linux-2023-upgrade-kernel6-12-toolsamazon-linux-2023-upgrade-kernel6-12-tools-debuginfoamazon-linux-2023-upgrade-kernel6-12-tools-develamazon-linux-2023-upgrade-kernel-debuginfoamazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64amazon-linux-2023-upgrade-kernel-develamazon-linux-2023-upgrade-kernel-headersamazon-linux-2023-upgrade-kernel-libbpfamazon-linux-2023-upgrade-kernel-libbpf-debuginfoamazon-linux-2023-upgrade-kernel-libbpf-develamazon-linux-2023-upgrade-kernel-libbpf-staticamazon-linux-2023-upgrade-kernel-livepatch-6-1-148-173-267amazon-linux-2023-upgrade-kernel-livepatch-6-12-46-66-121amazon-linux-2023-upgrade-kernel-modules-extraamazon-linux-2023-upgrade-kernel-modules-extra-commonamazon-linux-2023-upgrade-kernel-toolsamazon-linux-2023-upgrade-kernel-tools-debuginfoamazon-linux-2023-upgrade-kernel-tools-develamazon-linux-2023-upgrade-perfamazon-linux-2023-upgrade-perf6-12amazon-linux-2023-upgrade-perf6-12-debuginfoamazon-linux-2023-upgrade-perf-debuginfoamazon-linux-2023-upgrade-python3-perfamazon-linux-2023-upgrade-python3-perf6-12amazon-linux-2023-upgrade-python3-perf6-12-debuginfoamazon-linux-2023-upgrade-python3-perf-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.