CVE-2025-38112: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38112 is a vulnerability discovered in the Linux kernel affecting the network subsystem, specifically in the sk_is_readable() function. The vulnerability was disclosed on July 3, 2025, and involves a Time-of-Check to Time-of-Use (TOCTOU) issue that occurs when handling socket operations in sockmaps (NVD, CVE).

The vulnerability stems from a race condition in the sk_is_readable() function where sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() operation, which typically occurs when a socket is removed from sockmap, sk->sk_prot gets restored and sk->sk_prot->sock_is_readable becomes NULL. This creates a race condition if the value of sk->sk_prot is reloaded after the initial check, potentially leading to a null pointer dereference (NVD).

The vulnerability can result in a null pointer dereference, which could potentially lead to system crashes or denial of service conditions in affected Linux kernel implementations (NVD).

The vulnerability has been resolved in the Linux kernel through a patch that ensures the function pointer does not turn NULL after the initial check. Multiple stable kernel branches have received the fix through backported patches (NVD).