CVE-2025-38475: 
Linux Kernel vulnerability analysis and mitigation

A type confusion vulnerability was discovered in the Linux kernel's SMC (Shared Memory Communication) implementation. The vulnerability (CVE-2025-38475) affects the Linux kernel's networking stack, specifically related to the improper handling of socket types between INET and SMC sockets. The issue was discovered and reported by syzbot, with the vulnerability being publicly disclosed on July 28, 2025 (NVD).

The vulnerability stems from a type confusion in the SMC socket implementation where struct smc_sock does not properly include struct inet_sock as its first member but instead hijacks AF_INET and AF_INET6 sk_family. This leads to confusion in various code paths, particularly when handling inet_sock.inet_opt which actually points to smc_sock.clcsk_data_ready(). The issue manifests when freeing inet_sk(sk)->inet_opt in cipso_v4_sock_setattr(), resulting in multiple frees of read-only memory (NVD).

The vulnerability can lead to multiple serious consequences including kernel oops, double-free conditions, and potential memory corruption. This could result in system crashes or potentially allow attackers to execute arbitrary code with kernel privileges (NVD).

The fix involves restructuring the smc_sock structure to properly include inet_sock as its first member, rather than using previous hacky solutions. Three kernel patches have been released to address this issue (kernel.org, kernel.org, kernel.org).