CVE-2025-38475: 
Linux Kernel vulnerability analysis and mitigation

A type confusion vulnerability was discovered in the Linux kernel's SMC (Shared Memory Communication) implementation. The vulnerability (CVE-2025-38475) affects the Linux kernel's networking stack, specifically related to the improper handling of socket types between INET and SMC sockets. The issue was discovered and reported by syzbot, with the vulnerability being publicly disclosed on July 28, 2025 (NVD).

The vulnerability stems from a type confusion in the SMC socket implementation where struct smcsock does not properly include struct inetsock as its first member but instead hijacks AFINET and AFINET6 skfamily. This leads to confusion in various code paths, particularly when handling inetsock.inetopt which actually points to smcsock.clcskdataready(). The issue manifests when freeing inetsk(sk)->inetopt in cipsov4sock_setattr(), resulting in multiple frees of read-only memory (NVD).

The vulnerability can lead to multiple serious consequences including kernel oops, double-free conditions, and potential memory corruption. This could result in system crashes or potentially allow attackers to execute arbitrary code with kernel privileges (NVD).

The fix involves restructuring the smcsock structure to properly include inetsock as its first member, rather than using previous hacky solutions. Three kernel patches have been released to address this issue (kernel.org, kernel.org, kernel.org).