Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0825
Vulnerability from certfr_avis - Published: 2025-09-26 - Updated: 2025-09-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.48-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.153-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-38453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38453"
},
{
"name": "CVE-2025-39812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39812"
},
{
"name": "CVE-2025-38711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38711"
},
{
"name": "CVE-2025-39723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39723"
},
{
"name": "CVE-2025-39808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39808"
},
{
"name": "CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"name": "CVE-2025-39772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39772"
},
{
"name": "CVE-2025-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39826"
},
{
"name": "CVE-2025-39716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39716"
},
{
"name": "CVE-2025-39702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39702"
},
{
"name": "CVE-2025-39779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39779"
},
{
"name": "CVE-2025-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39685"
},
{
"name": "CVE-2025-39765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39765"
},
{
"name": "CVE-2025-39720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39720"
},
{
"name": "CVE-2025-39827",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39827"
},
{
"name": "CVE-2025-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39828"
},
{
"name": "CVE-2025-22125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22125"
},
{
"name": "CVE-2025-39811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39811"
},
{
"name": "CVE-2025-38491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38491"
},
{
"name": "CVE-2025-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38708"
},
{
"name": "CVE-2025-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22103"
},
{
"name": "CVE-2025-39701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39701"
},
{
"name": "CVE-2025-39709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39709"
},
{
"name": "CVE-2025-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39689"
},
{
"name": "CVE-2025-39787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39787"
},
{
"name": "CVE-2025-38734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38734"
},
{
"name": "CVE-2025-38695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38695"
},
{
"name": "CVE-2025-39749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39749"
},
{
"name": "CVE-2025-39700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39700"
},
{
"name": "CVE-2025-39866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39866"
},
{
"name": "CVE-2025-39843",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39843"
},
{
"name": "CVE-2025-23160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23160"
},
{
"name": "CVE-2025-39751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39751"
},
{
"name": "CVE-2025-39681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39681"
},
{
"name": "CVE-2025-39770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39770"
},
{
"name": "CVE-2025-38706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38706"
},
{
"name": "CVE-2025-38699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38699"
},
{
"name": "CVE-2025-38707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38707"
},
{
"name": "CVE-2025-39692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39692"
},
{
"name": "CVE-2025-38677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38677"
},
{
"name": "CVE-2025-39853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39853"
},
{
"name": "CVE-2025-39857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39857"
},
{
"name": "CVE-2025-39865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39865"
},
{
"name": "CVE-2025-39675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39675"
},
{
"name": "CVE-2025-39679",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39679"
},
{
"name": "CVE-2025-38693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38693"
},
{
"name": "CVE-2025-38679",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38679"
},
{
"name": "CVE-2025-38685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38685"
},
{
"name": "CVE-2025-38502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38502"
},
{
"name": "CVE-2025-39838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39838"
},
{
"name": "CVE-2025-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39823"
},
{
"name": "CVE-2025-39864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
},
{
"name": "CVE-2025-39824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39824"
},
{
"name": "CVE-2025-39737",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39737"
},
{
"name": "CVE-2025-38702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38702"
},
{
"name": "CVE-2025-38724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"name": "CVE-2025-38698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38698"
},
{
"name": "CVE-2025-21751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21751"
},
{
"name": "CVE-2025-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39842"
},
{
"name": "CVE-2025-39815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39815"
},
{
"name": "CVE-2025-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37931"
},
{
"name": "CVE-2025-39849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39849"
},
{
"name": "CVE-2025-39861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39861"
},
{
"name": "CVE-2025-39743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39743"
},
{
"name": "CVE-2025-39718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39718"
},
{
"name": "CVE-2025-38712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38712"
},
{
"name": "CVE-2025-38732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38732"
},
{
"name": "CVE-2025-39773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39773"
},
{
"name": "CVE-2025-38696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38696"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2025-39722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39722"
},
{
"name": "CVE-2025-38670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38670"
},
{
"name": "CVE-2025-39845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39845"
},
{
"name": "CVE-2025-39788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39788"
},
{
"name": "CVE-2025-39791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39791"
},
{
"name": "CVE-2025-38735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38735"
},
{
"name": "CVE-2025-39698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39698"
},
{
"name": "CVE-2025-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39805"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-38614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38614"
},
{
"name": "CVE-2025-23143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
},
{
"name": "CVE-2025-38322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38322"
},
{
"name": "CVE-2025-38694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38694"
},
{
"name": "CVE-2025-38676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38676"
},
{
"name": "CVE-2025-38729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38729"
},
{
"name": "CVE-2025-38681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38681"
},
{
"name": "CVE-2025-39795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39795"
},
{
"name": "CVE-2025-38687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38687"
},
{
"name": "CVE-2025-38272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38272"
},
{
"name": "CVE-2025-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38728"
},
{
"name": "CVE-2025-38715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38715"
},
{
"name": "CVE-2025-39710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39710"
},
{
"name": "CVE-2025-39683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39683"
},
{
"name": "CVE-2025-39794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39794"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-38713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38713"
},
{
"name": "CVE-2025-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
},
{
"name": "CVE-2025-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39810"
},
{
"name": "CVE-2025-39782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39782"
},
{
"name": "CVE-2025-38697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38697"
},
{
"name": "CVE-2025-38691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38691"
},
{
"name": "CVE-2025-39759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39759"
},
{
"name": "CVE-2025-39860",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39860"
},
{
"name": "CVE-2025-39721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39721"
},
{
"name": "CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"name": "CVE-2025-39673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39673"
},
{
"name": "CVE-2025-39839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39839"
},
{
"name": "CVE-2025-38723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38723"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-39848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39848"
},
{
"name": "CVE-2025-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39800"
},
{
"name": "CVE-2025-39703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39703"
},
{
"name": "CVE-2025-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
},
{
"name": "CVE-2025-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38552"
},
{
"name": "CVE-2025-39852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39852"
},
{
"name": "CVE-2025-39766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39766"
},
{
"name": "CVE-2025-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39801"
},
{
"name": "CVE-2025-39724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39724"
},
{
"name": "CVE-2025-39687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39687"
},
{
"name": "CVE-2025-39694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39694"
},
{
"name": "CVE-2025-40300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
},
{
"name": "CVE-2025-39806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39806"
},
{
"name": "CVE-2025-39851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39851"
},
{
"name": "CVE-2025-38721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38721"
},
{
"name": "CVE-2025-39684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39684"
},
{
"name": "CVE-2025-39807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39807"
},
{
"name": "CVE-2025-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38725"
},
{
"name": "CVE-2025-38347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38347"
},
{
"name": "CVE-2025-39776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39776"
},
{
"name": "CVE-2025-37968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
},
{
"name": "CVE-2025-38683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38683"
},
{
"name": "CVE-2025-39736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39736"
},
{
"name": "CVE-2025-39846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39846"
},
{
"name": "CVE-2025-39691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39691"
},
{
"name": "CVE-2025-39850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39850"
},
{
"name": "CVE-2025-39844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39844"
},
{
"name": "CVE-2025-39742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39742"
},
{
"name": "CVE-2025-39863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
},
{
"name": "CVE-2025-38701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38701"
},
{
"name": "CVE-2024-58240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58240"
},
{
"name": "CVE-2025-39767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39767"
},
{
"name": "CVE-2025-39817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2025-39790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39790"
},
{
"name": "CVE-2025-38680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38680"
},
{
"name": "CVE-2025-38684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38684"
},
{
"name": "CVE-2025-39686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39686"
},
{
"name": "CVE-2025-39798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39798"
},
{
"name": "CVE-2025-38730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38730"
},
{
"name": "CVE-2025-22124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22124"
},
{
"name": "CVE-2025-39714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39714"
},
{
"name": "CVE-2025-39854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39854"
},
{
"name": "CVE-2025-39706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39706"
},
{
"name": "CVE-2025-38306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38306"
},
{
"name": "CVE-2025-39719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39719"
},
{
"name": "CVE-2025-39695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39695"
},
{
"name": "CVE-2025-39738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39738"
},
{
"name": "CVE-2025-39705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39705"
},
{
"name": "CVE-2025-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38737"
},
{
"name": "CVE-2025-39713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39713"
},
{
"name": "CVE-2025-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23133"
},
{
"name": "CVE-2025-39756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39756"
},
{
"name": "CVE-2025-38736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38736"
},
{
"name": "CVE-2025-39831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39831"
},
{
"name": "CVE-2025-39693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39693"
},
{
"name": "CVE-2025-39682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39682"
},
{
"name": "CVE-2025-39676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39676"
},
{
"name": "CVE-2025-39832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39832"
},
{
"name": "CVE-2025-39813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39813"
},
{
"name": "CVE-2025-39847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39847"
},
{
"name": "CVE-2025-39819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39819"
},
{
"name": "CVE-2025-39783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39783"
},
{
"name": "CVE-2025-39715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39715"
},
{
"name": "CVE-2025-39835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39835"
},
{
"name": "CVE-2025-38700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38700"
},
{
"name": "CVE-2025-39841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
},
{
"name": "CVE-2025-39712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39712"
},
{
"name": "CVE-2025-39707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39707"
},
{
"name": "CVE-2025-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39829"
},
{
"name": "CVE-2025-39781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39781"
},
{
"name": "CVE-2025-39780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39780"
},
{
"name": "CVE-2025-39711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39711"
},
{
"name": "CVE-2025-38714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38714"
},
{
"name": "CVE-2025-39836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39836"
},
{
"name": "CVE-2025-38733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38733"
},
{
"name": "CVE-2025-39752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39752"
}
],
"initial_release_date": "2025-09-26T00:00:00",
"last_revision_date": "2025-09-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0825",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2025-09-22",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6009-1",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
},
{
"published_at": "2025-09-22",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6008-1",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00172.html"
}
]
}
CVE-2025-39805 (GCVE-0-2025-39805)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-11 21:36
VLAI
EPSS
Title
net: macb: fix unregister_netdev call order in macb_remove()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix unregister_netdev call order in macb_remove()
When removing a macb device, the driver calls phy_exit() before
unregister_netdev(). This leads to a WARN from kernfs:
------------[ cut here ]------------
kernfs: can not remove 'attached_dev', no directory
WARNING: CPU: 1 PID: 27146 at fs/kernfs/dir.c:1683
Call trace:
kernfs_remove_by_name_ns+0xd8/0xf0
sysfs_remove_link+0x24/0x58
phy_detach+0x5c/0x168
phy_disconnect+0x4c/0x70
phylink_disconnect_phy+0x6c/0xc0 [phylink]
macb_close+0x6c/0x170 [macb]
...
macb_remove+0x60/0x168 [macb]
platform_remove+0x5c/0x80
...
The warning happens because the PHY is being exited while the netdev
is still registered. The correct order is to unregister the netdev
before shutting down the PHY and cleaning up the MDIO bus.
Fix this by moving unregister_netdev() ahead of phy_exit() in
macb_remove().
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8b73fa3ae02b2401960de41b0454c0321377b203 , < 7351782f2fc8ac31ced52e3d4e6fa120f819a7ab
(git)
Affected: 8b73fa3ae02b2401960de41b0454c0321377b203 , < 2b9719ccad38dffad7dbdd2f39896f723f9b9011 (git) Affected: 8b73fa3ae02b2401960de41b0454c0321377b203 , < ff0d3bad32108b57265e5b48f15327549af771d3 (git) Affected: 8b73fa3ae02b2401960de41b0454c0321377b203 , < 775fe690fd4a3337ad2115de2adb41b227d4dae7 (git) Affected: 8b73fa3ae02b2401960de41b0454c0321377b203 , < 01b9128c5db1b470575d07b05b67ffa3cb02ebf1 (git) |
|
| Linux | Linux |
Affected:
5.18
Unaffected: 0 , < 5.18 (semver) Unaffected: 6.1.159 , ≤ 6.1.* (semver) Unaffected: 6.6.119 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/cadence/macb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7351782f2fc8ac31ced52e3d4e6fa120f819a7ab",
"status": "affected",
"version": "8b73fa3ae02b2401960de41b0454c0321377b203",
"versionType": "git"
},
{
"lessThan": "2b9719ccad38dffad7dbdd2f39896f723f9b9011",
"status": "affected",
"version": "8b73fa3ae02b2401960de41b0454c0321377b203",
"versionType": "git"
},
{
"lessThan": "ff0d3bad32108b57265e5b48f15327549af771d3",
"status": "affected",
"version": "8b73fa3ae02b2401960de41b0454c0321377b203",
"versionType": "git"
},
{
"lessThan": "775fe690fd4a3337ad2115de2adb41b227d4dae7",
"status": "affected",
"version": "8b73fa3ae02b2401960de41b0454c0321377b203",
"versionType": "git"
},
{
"lessThan": "01b9128c5db1b470575d07b05b67ffa3cb02ebf1",
"status": "affected",
"version": "8b73fa3ae02b2401960de41b0454c0321377b203",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/cadence/macb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.119",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.159",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.119",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: fix unregister_netdev call order in macb_remove()\n\nWhen removing a macb device, the driver calls phy_exit() before\nunregister_netdev(). This leads to a WARN from kernfs:\n\n ------------[ cut here ]------------\n kernfs: can not remove \u0027attached_dev\u0027, no directory\n WARNING: CPU: 1 PID: 27146 at fs/kernfs/dir.c:1683\n Call trace:\n kernfs_remove_by_name_ns+0xd8/0xf0\n sysfs_remove_link+0x24/0x58\n phy_detach+0x5c/0x168\n phy_disconnect+0x4c/0x70\n phylink_disconnect_phy+0x6c/0xc0 [phylink]\n macb_close+0x6c/0x170 [macb]\n ...\n macb_remove+0x60/0x168 [macb]\n platform_remove+0x5c/0x80\n ...\n\nThe warning happens because the PHY is being exited while the netdev\nis still registered. The correct order is to unregister the netdev\nbefore shutting down the PHY and cleaning up the MDIO bus.\n\nFix this by moving unregister_netdev() ahead of phy_exit() in\nmacb_remove()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:36.596Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7351782f2fc8ac31ced52e3d4e6fa120f819a7ab"
},
{
"url": "https://git.kernel.org/stable/c/2b9719ccad38dffad7dbdd2f39896f723f9b9011"
},
{
"url": "https://git.kernel.org/stable/c/ff0d3bad32108b57265e5b48f15327549af771d3"
},
{
"url": "https://git.kernel.org/stable/c/775fe690fd4a3337ad2115de2adb41b227d4dae7"
},
{
"url": "https://git.kernel.org/stable/c/01b9128c5db1b470575d07b05b67ffa3cb02ebf1"
}
],
"title": "net: macb: fix unregister_netdev call order in macb_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39805",
"datePublished": "2025-09-16T13:00:06.731Z",
"dateReserved": "2025-04-16T07:20:57.136Z",
"dateUpdated": "2026-05-11T21:36:36.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39806 (GCVE-0-2025-39806)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-23 16:00
VLAI
EPSS
Title
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
A malicious HID device can trigger a slab out-of-bounds during
mt_report_fixup() by passing in report descriptor smaller than
607 bytes. mt_report_fixup() attempts to patch byte offset 607
of the descriptor with 0x25 by first checking if byte offset
607 is 0x15 however it lacks bounds checks to verify if the
descriptor is big enough before conducting this check. Fix
this bug by ensuring the descriptor size is at least 608
bytes before accessing it.
Below is the KASAN splat after the out of bounds access happens:
[ 13.671954] ==================================================================
[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110
[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10
[ 13.673297]
[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3
[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04
[ 13.673297] Call Trace:
[ 13.673297] <TASK>
[ 13.673297] dump_stack_lvl+0x5f/0x80
[ 13.673297] print_report+0xd1/0x660
[ 13.673297] kasan_report+0xe5/0x120
[ 13.673297] __asan_report_load1_noabort+0x18/0x20
[ 13.673297] mt_report_fixup+0x103/0x110
[ 13.673297] hid_open_report+0x1ef/0x810
[ 13.673297] mt_probe+0x422/0x960
[ 13.673297] hid_device_probe+0x2e2/0x6f0
[ 13.673297] really_probe+0x1c6/0x6b0
[ 13.673297] __driver_probe_device+0x24f/0x310
[ 13.673297] driver_probe_device+0x4e/0x220
[ 13.673297] __device_attach_driver+0x169/0x320
[ 13.673297] bus_for_each_drv+0x11d/0x1b0
[ 13.673297] __device_attach+0x1b8/0x3e0
[ 13.673297] device_initial_probe+0x12/0x20
[ 13.673297] bus_probe_device+0x13d/0x180
[ 13.673297] device_add+0xe3a/0x1670
[ 13.673297] hid_add_device+0x31d/0xa40
[...]
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7d91a0b2151a9c3b61d44c85c8eba930eddd1dd0 , < 4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d
(git)
Affected: 45ec9f17ce46417fc4eccecf388c99e81fb7fcc1 , < 7ab7311c43ae19c66c53ccd8c5052a9072a4e338 (git) Affected: 1d5c7d0a49ec9d8786f266ac6d1d7c4960e1787b , < d4e6e2680807671e1c73cd6a986b33659ce92f2b (git) Affected: c8000deb68365b461b324d68c7ea89d730f0bb85 , < 3055309821dd3da92888f88bad10f0324c3c89fe (git) Affected: c8000deb68365b461b324d68c7ea89d730f0bb85 , < c13e95587583d018cfbcc277df7e02d41902ac5a (git) Affected: c8000deb68365b461b324d68c7ea89d730f0bb85 , < 0379eb8691b9c4477da0277ae0832036ca4410b4 (git) Affected: d189e24a42b8bd0ece3d28801d751bf66dba8e92 (git) Affected: 5.15.168 , < 5.15.191 (semver) Affected: 6.1.111 , < 6.1.150 (semver) Affected: 6.6.52 , < 6.6.104 (semver) Affected: 6.10.11 , < 6.11 (semver) |
|
| Linux | Linux |
Affected:
6.11
Unaffected: 0 , < 6.11 (semver) Unaffected: 5.15.191 , ≤ 5.15.* (semver) Unaffected: 6.1.150 , ≤ 6.1.* (semver) Unaffected: 6.6.104 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:43:32.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:07:11.286Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-multitouch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d",
"status": "affected",
"version": "7d91a0b2151a9c3b61d44c85c8eba930eddd1dd0",
"versionType": "git"
},
{
"lessThan": "7ab7311c43ae19c66c53ccd8c5052a9072a4e338",
"status": "affected",
"version": "45ec9f17ce46417fc4eccecf388c99e81fb7fcc1",
"versionType": "git"
},
{
"lessThan": "d4e6e2680807671e1c73cd6a986b33659ce92f2b",
"status": "affected",
"version": "1d5c7d0a49ec9d8786f266ac6d1d7c4960e1787b",
"versionType": "git"
},
{
"lessThan": "3055309821dd3da92888f88bad10f0324c3c89fe",
"status": "affected",
"version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
"versionType": "git"
},
{
"lessThan": "c13e95587583d018cfbcc277df7e02d41902ac5a",
"status": "affected",
"version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
"versionType": "git"
},
{
"lessThan": "0379eb8691b9c4477da0277ae0832036ca4410b4",
"status": "affected",
"version": "c8000deb68365b461b324d68c7ea89d730f0bb85",
"versionType": "git"
},
{
"status": "affected",
"version": "d189e24a42b8bd0ece3d28801d751bf66dba8e92",
"versionType": "git"
},
{
"lessThan": "5.15.191",
"status": "affected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThan": "6.1.150",
"status": "affected",
"version": "6.1.111",
"versionType": "semver"
},
{
"lessThan": "6.6.104",
"status": "affected",
"version": "6.6.52",
"versionType": "semver"
},
{
"lessThan": "6.11",
"status": "affected",
"version": "6.10.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-multitouch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.191",
"versionStartIncluding": "5.15.168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.150",
"versionStartIncluding": "6.1.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.104",
"versionStartIncluding": "6.6.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[ 13.671954] ==================================================================\n[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[ 13.673297]\n[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[ 13.673297] Call Trace:\n[ 13.673297] \u003cTASK\u003e\n[ 13.673297] dump_stack_lvl+0x5f/0x80\n[ 13.673297] print_report+0xd1/0x660\n[ 13.673297] kasan_report+0xe5/0x120\n[ 13.673297] __asan_report_load1_noabort+0x18/0x20\n[ 13.673297] mt_report_fixup+0x103/0x110\n[ 13.673297] hid_open_report+0x1ef/0x810\n[ 13.673297] mt_probe+0x422/0x960\n[ 13.673297] hid_device_probe+0x2e2/0x6f0\n[ 13.673297] really_probe+0x1c6/0x6b0\n[ 13.673297] __driver_probe_device+0x24f/0x310\n[ 13.673297] driver_probe_device+0x4e/0x220\n[ 13.673297] __device_attach_driver+0x169/0x320\n[ 13.673297] bus_for_each_drv+0x11d/0x1b0\n[ 13.673297] __device_attach+0x1b8/0x3e0\n[ 13.673297] device_initial_probe+0x12/0x20\n[ 13.673297] bus_probe_device+0x13d/0x180\n[ 13.673297] device_add+0xe3a/0x1670\n[ 13.673297] hid_add_device+0x31d/0xa40\n[...]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:00:44.061Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4263e5851779f7d8ebfbc9cc7d2e9b0217adba8d"
},
{
"url": "https://git.kernel.org/stable/c/7ab7311c43ae19c66c53ccd8c5052a9072a4e338"
},
{
"url": "https://git.kernel.org/stable/c/d4e6e2680807671e1c73cd6a986b33659ce92f2b"
},
{
"url": "https://git.kernel.org/stable/c/3055309821dd3da92888f88bad10f0324c3c89fe"
},
{
"url": "https://git.kernel.org/stable/c/c13e95587583d018cfbcc277df7e02d41902ac5a"
},
{
"url": "https://git.kernel.org/stable/c/0379eb8691b9c4477da0277ae0832036ca4410b4"
}
],
"title": "HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39806",
"datePublished": "2025-09-16T13:00:09.524Z",
"dateReserved": "2025-04-16T07:20:57.136Z",
"dateUpdated": "2026-05-23T16:00:44.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39807 (GCVE-0-2025-39807)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-23 16:00
VLAI
EPSS
Title
drm/mediatek: Add error handling for old state CRTC in atomic_disable
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add error handling for old state CRTC in atomic_disable
Introduce error handling to address an issue where, after a hotplug
event, the cursor continues to update. This situation can lead to a
kernel panic due to accessing the NULL `old_state->crtc`.
E,g.
Unable to handle kernel NULL pointer dereference at virtual address
Call trace:
mtk_crtc_plane_disable+0x24/0x140
mtk_plane_atomic_update+0x8c/0xa8
drm_atomic_helper_commit_planes+0x114/0x2c8
drm_atomic_helper_commit_tail_rpm+0x4c/0x158
commit_tail+0xa0/0x168
drm_atomic_helper_commit+0x110/0x120
drm_atomic_commit+0x8c/0xe0
drm_atomic_helper_update_plane+0xd4/0x128
__setplane_atomic+0xcc/0x110
drm_mode_cursor_common+0x250/0x440
drm_mode_cursor_ioctl+0x44/0x70
drm_ioctl+0x264/0x5d8
__arm64_sys_ioctl+0xd8/0x510
invoke_syscall+0x6c/0xe0
do_el0_svc+0x68/0xe8
el0_svc+0x34/0x60
el0t_64_sync_handler+0x1c/0xf8
el0t_64_sync+0x180/0x188
Adding NULL pointer checks to ensure stability by preventing operations
on an invalid CRTC state.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
40b5b4ba8ed87c0bfb6268c10589777652ebde4c , < 7d5cc22efa44e0fe321ce195c71c3d7da211fbb2
(git)
Affected: d208261e9f7c66960587b10473081dc1cecbe50b , < 9a94e9d8b50bcfe89693bc899a54d3866d86e973 (git) Affected: d208261e9f7c66960587b10473081dc1cecbe50b , < 0c6b24d70da21201ed009a2aca740d2dfddc7ab5 (git) Affected: a9c482689051ca96f4a4630fe49fd6919694caaa (git) Affected: 6.12.40 , < 6.12.45 (semver) Affected: 6.15.8 , < 6.16 (semver) |
|
| Linux | Linux |
Affected:
6.16
Unaffected: 0 , < 6.16 (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-39807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T18:14:18.395954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:22:54.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d5cc22efa44e0fe321ce195c71c3d7da211fbb2",
"status": "affected",
"version": "40b5b4ba8ed87c0bfb6268c10589777652ebde4c",
"versionType": "git"
},
{
"lessThan": "9a94e9d8b50bcfe89693bc899a54d3866d86e973",
"status": "affected",
"version": "d208261e9f7c66960587b10473081dc1cecbe50b",
"versionType": "git"
},
{
"lessThan": "0c6b24d70da21201ed009a2aca740d2dfddc7ab5",
"status": "affected",
"version": "d208261e9f7c66960587b10473081dc1cecbe50b",
"versionType": "git"
},
{
"status": "affected",
"version": "a9c482689051ca96f4a4630fe49fd6919694caaa",
"versionType": "git"
},
{
"lessThan": "6.12.45",
"status": "affected",
"version": "6.12.40",
"versionType": "semver"
},
{
"lessThan": "6.16",
"status": "affected",
"version": "6.15.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.16"
},
{
"lessThan": "6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "6.12.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.15.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add error handling for old state CRTC in atomic_disable\n\nIntroduce error handling to address an issue where, after a hotplug\nevent, the cursor continues to update. This situation can lead to a\nkernel panic due to accessing the NULL `old_state-\u003ecrtc`.\n\nE,g.\nUnable to handle kernel NULL pointer dereference at virtual address\nCall trace:\n mtk_crtc_plane_disable+0x24/0x140\n mtk_plane_atomic_update+0x8c/0xa8\n drm_atomic_helper_commit_planes+0x114/0x2c8\n drm_atomic_helper_commit_tail_rpm+0x4c/0x158\n commit_tail+0xa0/0x168\n drm_atomic_helper_commit+0x110/0x120\n drm_atomic_commit+0x8c/0xe0\n drm_atomic_helper_update_plane+0xd4/0x128\n __setplane_atomic+0xcc/0x110\n drm_mode_cursor_common+0x250/0x440\n drm_mode_cursor_ioctl+0x44/0x70\n drm_ioctl+0x264/0x5d8\n __arm64_sys_ioctl+0xd8/0x510\n invoke_syscall+0x6c/0xe0\n do_el0_svc+0x68/0xe8\n el0_svc+0x34/0x60\n el0t_64_sync_handler+0x1c/0xf8\n el0t_64_sync+0x180/0x188\n\nAdding NULL pointer checks to ensure stability by preventing operations\non an invalid CRTC state."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:00:46.198Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d5cc22efa44e0fe321ce195c71c3d7da211fbb2"
},
{
"url": "https://git.kernel.org/stable/c/9a94e9d8b50bcfe89693bc899a54d3866d86e973"
},
{
"url": "https://git.kernel.org/stable/c/0c6b24d70da21201ed009a2aca740d2dfddc7ab5"
}
],
"title": "drm/mediatek: Add error handling for old state CRTC in atomic_disable",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39807",
"datePublished": "2025-09-16T13:00:10.408Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-23T16:00:46.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39808 (GCVE-0-2025-39808)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-12 12:07
VLAI
EPSS
Title
HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
in ntrig_report_version(), hdev parameter passed from hid_probe().
sending descriptor to /dev/uhid can make hdev->dev.parent->parent to null
if hdev->dev.parent->parent is null, usb_dev has
invalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned
when usb_rcvctrlpipe() use usb_dev,it trigger
page fault error for address(0xffffffffffffff58)
add null check logic to ntrig_report_version()
before calling hid_to_usb_dev()
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0277873c05158c5efc97c23d52e6aec6250bde0f , < 22ddb5eca4af5e69dffe2b54551d2487424448f1
(git)
Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 019c34ca11372de891c06644846eb41fca7c890c (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 4338b0f6544c3ff042bfbaf40bc9afe531fb08c7 (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 6070123d5344d0950f10ef6a5fdc3f076abb7ad2 (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < e422370e6ab28478872b914cee5d49a9bdfae0c6 (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 98520a9a3d69a530dd1ee280cbe0abc232a35bff (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 183def8e4d786e50165e5d992df6a3083e45e16c (git) Affected: 0277873c05158c5efc97c23d52e6aec6250bde0f , < 185c926283da67a72df20a63a5046b3b4631b7d9 (git) |
|
| Linux | Linux |
Affected:
2.6.37
Unaffected: 0 , < 2.6.37 (semver) Unaffected: 5.4.298 , ≤ 5.4.* (semver) Unaffected: 5.10.242 , ≤ 5.10.* (semver) Unaffected: 5.15.191 , ≤ 5.15.* (semver) Unaffected: 6.1.150 , ≤ 6.1.* (semver) Unaffected: 6.6.104 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:43:34.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:07:12.433Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-ntrig.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "22ddb5eca4af5e69dffe2b54551d2487424448f1",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "019c34ca11372de891c06644846eb41fca7c890c",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "4338b0f6544c3ff042bfbaf40bc9afe531fb08c7",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "6070123d5344d0950f10ef6a5fdc3f076abb7ad2",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "e422370e6ab28478872b914cee5d49a9bdfae0c6",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "98520a9a3d69a530dd1ee280cbe0abc232a35bff",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "183def8e4d786e50165e5d992df6a3083e45e16c",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
},
{
"lessThan": "185c926283da67a72df20a63a5046b3b4631b7d9",
"status": "affected",
"version": "0277873c05158c5efc97c23d52e6aec6250bde0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-ntrig.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.242",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.298",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.242",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.191",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.150",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.104",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n\nin ntrig_report_version(), hdev parameter passed from hid_probe().\nsending descriptor to /dev/uhid can make hdev-\u003edev.parent-\u003eparent to null\nif hdev-\u003edev.parent-\u003eparent is null, usb_dev has\ninvalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned\nwhen usb_rcvctrlpipe() use usb_dev,it trigger\npage fault error for address(0xffffffffffffff58)\n\nadd null check logic to ntrig_report_version()\nbefore calling hid_to_usb_dev()"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:40.010Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/22ddb5eca4af5e69dffe2b54551d2487424448f1"
},
{
"url": "https://git.kernel.org/stable/c/019c34ca11372de891c06644846eb41fca7c890c"
},
{
"url": "https://git.kernel.org/stable/c/4338b0f6544c3ff042bfbaf40bc9afe531fb08c7"
},
{
"url": "https://git.kernel.org/stable/c/6070123d5344d0950f10ef6a5fdc3f076abb7ad2"
},
{
"url": "https://git.kernel.org/stable/c/e422370e6ab28478872b914cee5d49a9bdfae0c6"
},
{
"url": "https://git.kernel.org/stable/c/98520a9a3d69a530dd1ee280cbe0abc232a35bff"
},
{
"url": "https://git.kernel.org/stable/c/183def8e4d786e50165e5d992df6a3083e45e16c"
},
{
"url": "https://git.kernel.org/stable/c/185c926283da67a72df20a63a5046b3b4631b7d9"
}
],
"title": "HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39808",
"datePublished": "2025-09-16T13:00:11.242Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-12T12:07:12.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39810 (GCVE-0-2025-39810)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-11 21:36
VLAI
EPSS
Title
bnxt_en: Fix memory corruption when FW resources change during ifdown
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix memory corruption when FW resources change during ifdown
bnxt_set_dflt_rings() assumes that it is always called before any TC has
been created. So it doesn't take bp->num_tc into account and assumes
that it is always 0 or 1.
In the FW resource or capability change scenario, the FW will return
flags in bnxt_hwrm_if_change() that will cause the driver to
reinitialize and call bnxt_cancel_reservations(). This will lead to
bnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp->num_tc
may be greater than 1. This will cause bp->tx_ring[] to be sized too
small and cause memory corruption in bnxt_alloc_cp_rings().
Fix it by properly scaling the TX rings by bp->num_tc in the code
paths mentioned above. Add 2 helper functions to determine
bp->tx_nr_rings and bp->tx_nr_rings_per_tc.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ec5d31e3c15d5233b491400133c67f78a320062c , < d00e98977ef519280b075d783653e2c492fffbb6
(git)
Affected: ec5d31e3c15d5233b491400133c67f78a320062c , < 9ab6a9950f152e094395d2e3967f889857daa185 (git) Affected: ec5d31e3c15d5233b491400133c67f78a320062c , < 2747328ba2714f1a7454208dbbc1dc0631990b4a (git) |
|
| Linux | Linux |
Affected:
5.4
Unaffected: 0 , < 5.4 (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-39810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T18:14:51.954727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:22:55.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d00e98977ef519280b075d783653e2c492fffbb6",
"status": "affected",
"version": "ec5d31e3c15d5233b491400133c67f78a320062c",
"versionType": "git"
},
{
"lessThan": "9ab6a9950f152e094395d2e3967f889857daa185",
"status": "affected",
"version": "ec5d31e3c15d5233b491400133c67f78a320062c",
"versionType": "git"
},
{
"lessThan": "2747328ba2714f1a7454208dbbc1dc0631990b4a",
"status": "affected",
"version": "ec5d31e3c15d5233b491400133c67f78a320062c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created. So it doesn\u0027t take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations(). This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1. This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above. Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:45.770Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d00e98977ef519280b075d783653e2c492fffbb6"
},
{
"url": "https://git.kernel.org/stable/c/9ab6a9950f152e094395d2e3967f889857daa185"
},
{
"url": "https://git.kernel.org/stable/c/2747328ba2714f1a7454208dbbc1dc0631990b4a"
}
],
"title": "bnxt_en: Fix memory corruption when FW resources change during ifdown",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39810",
"datePublished": "2025-09-16T13:00:12.677Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-11T21:36:45.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39811 (GCVE-0-2025-39811)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-11 21:36
VLAI
EPSS
Title
drm/xe/vm: Clear the scratch_pt pointer on error
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/vm: Clear the scratch_pt pointer on error
Avoid triggering a dereference of an error pointer on cleanup in
xe_vm_free_scratch() by clearing any scratch_pt error pointer.
(cherry picked from commit 358ee50ab565f3c8ea32480e9d03127a81ba32f8)
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
06951c2ee72df2f53b71e7cf2b504d4fa6bba453 , < c8277d229c7840e8090d4704e50f2ca014d194c7
(git)
Affected: 06951c2ee72df2f53b71e7cf2b504d4fa6bba453 , < 84603ed1d73ebb8de856dc11f4f5d3541c48f7a2 (git) Affected: 06951c2ee72df2f53b71e7cf2b504d4fa6bba453 , < 2b55ddf36229e0278c956215784ab1feeff510aa (git) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-39811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T18:15:08.427254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:22:55.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c8277d229c7840e8090d4704e50f2ca014d194c7",
"status": "affected",
"version": "06951c2ee72df2f53b71e7cf2b504d4fa6bba453",
"versionType": "git"
},
{
"lessThan": "84603ed1d73ebb8de856dc11f4f5d3541c48f7a2",
"status": "affected",
"version": "06951c2ee72df2f53b71e7cf2b504d4fa6bba453",
"versionType": "git"
},
{
"lessThan": "2b55ddf36229e0278c956215784ab1feeff510aa",
"status": "affected",
"version": "06951c2ee72df2f53b71e7cf2b504d4fa6bba453",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vm: Clear the scratch_pt pointer on error\n\nAvoid triggering a dereference of an error pointer on cleanup in\nxe_vm_free_scratch() by clearing any scratch_pt error pointer.\n\n(cherry picked from commit 358ee50ab565f3c8ea32480e9d03127a81ba32f8)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:48.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c8277d229c7840e8090d4704e50f2ca014d194c7"
},
{
"url": "https://git.kernel.org/stable/c/84603ed1d73ebb8de856dc11f4f5d3541c48f7a2"
},
{
"url": "https://git.kernel.org/stable/c/2b55ddf36229e0278c956215784ab1feeff510aa"
}
],
"title": "drm/xe/vm: Clear the scratch_pt pointer on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39811",
"datePublished": "2025-09-16T13:00:13.395Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-11T21:36:48.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39812 (GCVE-0-2025-39812)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-12 12:07
VLAI
EPSS
Title
sctp: initialize more fields in sctp_v6_from_sk()
Summary
In the Linux kernel, the following vulnerability has been resolved:
sctp: initialize more fields in sctp_v6_from_sk()
syzbot found that sin6_scope_id was not properly initialized,
leading to undefined behavior.
Clear sin6_scope_id and sin6_flowinfo.
BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
__sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983
sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390
sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452
sctp_get_port net/sctp/socket.c:8523 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930
x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable addr.i.i created at:
sctp_get_port net/sctp/socket.c:8515 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 45e4b36593edffb7bbee5828ae820bc10a9fa0f3
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9546934c2054bba1bd605c44e936619159a34027 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 17d6c7747045e9b802c2f5dfaba260d309d831ae (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 65b4693d8bab5370cfcb44a275b4d8dcb06e56bf (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 463aa96fca6209bb205f49f7deea3817d7ddaa3a (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1bbc0c02aea1f1c405bd1271466889c25a1fe01b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f6c2cc99fc2387ba6499facd6108f6543382792d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2e8750469242cad8f01f320131fd5a6f540dbb99 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.298 , ≤ 5.4.* (semver) Unaffected: 5.10.242 , ≤ 5.10.* (semver) Unaffected: 5.15.191 , ≤ 5.15.* (semver) Unaffected: 6.1.150 , ≤ 6.1.* (semver) Unaffected: 6.6.104 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:43:36.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:07:13.590Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sctp/ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "45e4b36593edffb7bbee5828ae820bc10a9fa0f3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9546934c2054bba1bd605c44e936619159a34027",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "17d6c7747045e9b802c2f5dfaba260d309d831ae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "65b4693d8bab5370cfcb44a275b4d8dcb06e56bf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "463aa96fca6209bb205f49f7deea3817d7ddaa3a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1bbc0c02aea1f1c405bd1271466889c25a1fe01b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6c2cc99fc2387ba6499facd6108f6543382792d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e8750469242cad8f01f320131fd5a6f540dbb99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sctp/ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.242",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.298",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.242",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.191",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.150",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.104",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:49.762Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/45e4b36593edffb7bbee5828ae820bc10a9fa0f3"
},
{
"url": "https://git.kernel.org/stable/c/9546934c2054bba1bd605c44e936619159a34027"
},
{
"url": "https://git.kernel.org/stable/c/17d6c7747045e9b802c2f5dfaba260d309d831ae"
},
{
"url": "https://git.kernel.org/stable/c/65b4693d8bab5370cfcb44a275b4d8dcb06e56bf"
},
{
"url": "https://git.kernel.org/stable/c/463aa96fca6209bb205f49f7deea3817d7ddaa3a"
},
{
"url": "https://git.kernel.org/stable/c/1bbc0c02aea1f1c405bd1271466889c25a1fe01b"
},
{
"url": "https://git.kernel.org/stable/c/f6c2cc99fc2387ba6499facd6108f6543382792d"
},
{
"url": "https://git.kernel.org/stable/c/2e8750469242cad8f01f320131fd5a6f540dbb99"
}
],
"title": "sctp: initialize more fields in sctp_v6_from_sk()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39812",
"datePublished": "2025-09-16T13:00:14.103Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-12T12:07:13.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39813 (GCVE-0-2025-39813)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-12 12:07
VLAI
EPSS
Title
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
When calling ftrace_dump_one() concurrently with reading trace_pipe,
a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race
condition.
The issue occurs because:
CPU0 (ftrace_dump) CPU1 (reader)
echo z > /proc/sysrq-trigger
!trace_empty(&iter)
trace_iterator_reset(&iter) <- len = size = 0
cat /sys/kernel/tracing/trace_pipe
trace_find_next_entry_inc(&iter)
__find_next_entry
ring_buffer_empty_cpu <- all empty
return NULL
trace_printk_seq(&iter.seq)
WARN_ON_ONCE(s->seq.len >= s->seq.size)
In the context between trace_empty() and trace_find_next_entry_inc()
during ftrace_dump, the ring buffer data was consumed by other readers.
This caused trace_find_next_entry_inc to return NULL, failing to populate
`iter.seq`. At this point, due to the prior trace_iterator_reset, both
`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,
the WARN_ON_ONCE condition is triggered.
Move the trace_printk_seq() into the if block that checks to make sure the
return value of trace_find_next_entry_inc() is non-NULL in
ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before
subsequent operations.
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d769041f865330034131525ee6a7f72eb4af2a24 , < f299353e7ccbcc5c2ed8993c48fbe7609cbe729a
(git)
Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < 5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85 (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < a6f0f8873cc30fd4543b09adf03f7f51d293f0e6 (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < e80ff23ba8bdb0f41a1afe2657078e4097d13a9a (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < 28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < ced94e137e6cd5e79c65564841d3b7695d0f5fa3 (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < fbd4cf7ee4db65ef36796769fe978e9eba6f0de4 (git) Affected: d769041f865330034131525ee6a7f72eb4af2a24 , < 4013aef2ced9b756a410f50d12df9ebe6a883e4a (git) |
|
| Linux | Linux |
Affected:
2.6.28
Unaffected: 0 , < 2.6.28 (semver) Unaffected: 5.4.298 , ≤ 5.4.* (semver) Unaffected: 5.10.242 , ≤ 5.10.* (semver) Unaffected: 5.15.191 , ≤ 5.15.* (semver) Unaffected: 6.1.150 , ≤ 6.1.* (semver) Unaffected: 6.6.104 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:43:38.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:07:14.764Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f299353e7ccbcc5c2ed8993c48fbe7609cbe729a",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "a6f0f8873cc30fd4543b09adf03f7f51d293f0e6",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "e80ff23ba8bdb0f41a1afe2657078e4097d13a9a",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "ced94e137e6cd5e79c65564841d3b7695d0f5fa3",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "fbd4cf7ee4db65ef36796769fe978e9eba6f0de4",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
},
{
"lessThan": "4013aef2ced9b756a410f50d12df9ebe6a883e4a",
"status": "affected",
"version": "d769041f865330034131525ee6a7f72eb4af2a24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.242",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.298",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.242",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.191",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.150",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.104",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:50.968Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a"
},
{
"url": "https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85"
},
{
"url": "https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6"
},
{
"url": "https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a"
},
{
"url": "https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa"
},
{
"url": "https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3"
},
{
"url": "https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4"
},
{
"url": "https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a"
}
],
"title": "ftrace: Fix potential warning in trace_printk_seq during ftrace_dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39813",
"datePublished": "2025-09-16T13:00:14.846Z",
"dateReserved": "2025-04-16T07:20:57.137Z",
"dateUpdated": "2026-05-12T12:07:14.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39815 (GCVE-0-2025-39815)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-11 21:36
VLAI
EPSS
Title
RISC-V: KVM: fix stack overrun when loading vlenb
Summary
In the Linux kernel, the following vulnerability has been resolved:
RISC-V: KVM: fix stack overrun when loading vlenb
The userspace load can put up to 2048 bits into an xlen bit stack
buffer. We want only xlen bits, so check the size beforehand.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2fa290372dfe7dd248b1c16f943f273a3e674f22 , < c76bf8359188a11f8fd790e5bbd6077894a245cc
(git)
Affected: 2fa290372dfe7dd248b1c16f943f273a3e674f22 , < 6d28659b692a0212f360f8bd8a58712b339f9aac (git) Affected: 2fa290372dfe7dd248b1c16f943f273a3e674f22 , < 799766208f09f95677a9ab111b93872d414fbad7 (git) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T18:15:40.818434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:22:55.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kvm/vcpu_vector.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c76bf8359188a11f8fd790e5bbd6077894a245cc",
"status": "affected",
"version": "2fa290372dfe7dd248b1c16f943f273a3e674f22",
"versionType": "git"
},
{
"lessThan": "6d28659b692a0212f360f8bd8a58712b339f9aac",
"status": "affected",
"version": "2fa290372dfe7dd248b1c16f943f273a3e674f22",
"versionType": "git"
},
{
"lessThan": "799766208f09f95677a9ab111b93872d414fbad7",
"status": "affected",
"version": "2fa290372dfe7dd248b1c16f943f273a3e674f22",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kvm/vcpu_vector.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: fix stack overrun when loading vlenb\n\nThe userspace load can put up to 2048 bits into an xlen bit stack\nbuffer. We want only xlen bits, so check the size beforehand."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:36:53.303Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c76bf8359188a11f8fd790e5bbd6077894a245cc"
},
{
"url": "https://git.kernel.org/stable/c/6d28659b692a0212f360f8bd8a58712b339f9aac"
},
{
"url": "https://git.kernel.org/stable/c/799766208f09f95677a9ab111b93872d414fbad7"
}
],
"title": "RISC-V: KVM: fix stack overrun when loading vlenb",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39815",
"datePublished": "2025-09-16T13:00:16.250Z",
"dateReserved": "2025-04-16T07:20:57.138Z",
"dateUpdated": "2026-05-11T21:36:53.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39817 (GCVE-0-2025-39817)
Vulnerability from cvelistv5 – Published: 2025-09-16 13:00 – Updated: 2026-05-23 16:00
VLAI
EPSS
Title
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
Summary
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
Observed on kernel 6.6 (present on master as well):
BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
Call trace:
kasan_check_range+0xe8/0x190
__asan_loadN+0x1c/0x28
memcmp+0x98/0xd0
efivarfs_d_compare+0x68/0xd8
__d_lookup_rcu_op_compare+0x178/0x218
__d_lookup_rcu+0x1f8/0x228
d_alloc_parallel+0x150/0x648
lookup_open.isra.0+0x5f0/0x8d0
open_last_lookups+0x264/0x828
path_openat+0x130/0x3f8
do_filp_open+0x114/0x248
do_sys_openat2+0x340/0x3c0
__arm64_sys_openat+0x120/0x1a0
If dentry->d_name.len < EFI_VARIABLE_GUID_LEN , 'guid' can become
negative, leadings to oob. The issue can be triggered by parallel
lookups using invalid filename:
T1 T2
lookup_open
->lookup
simple_lookup
d_add
// invalid dentry is added to hash list
lookup_open
d_alloc_parallel
__d_lookup_rcu
__d_lookup_rcu_op_compare
hlist_bl_for_each_entry_rcu
// invalid dentry can be retrieved
->d_compare
efivarfs_d_compare
// oob
Fix it by checking 'guid' before cmp.
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
da27a24383b2b10bf6ebd0db29b325548aafecb4 , < 0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6
(git)
Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < 794399019301944fd6d2e0d7a51b3327e26c410e (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < 568e7761279b99c6daa3002290fd6d8047ddb6d2 (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7 (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < 925599eba46045930b850a98ae594d2e3028ac40 (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < c2925cd6207079c3f4d040d082515db78d63afbf (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < 71581a82f38e5a4d807d71fc1bb59aead80ccf95 (git) Affected: da27a24383b2b10bf6ebd0db29b325548aafecb4 , < a6358f8cf64850f3f27857b8ed8c1b08cfc4685c (git) Affected: 688289c4b745c018b3449b4b4c5a2030083c8eaf (git) Affected: 3.8.2 , < 3.9 (semver) |
|
| Linux | Linux |
Affected:
3.9
Unaffected: 0 , < 3.9 (semver) Unaffected: 5.4.298 , ≤ 5.4.* (semver) Unaffected: 5.10.242 , ≤ 5.10.* (semver) Unaffected: 5.15.191 , ≤ 5.15.* (semver) Unaffected: 6.1.150 , ≤ 6.1.* (semver) Unaffected: 6.6.104 , ≤ 6.6.* (semver) Unaffected: 6.12.45 , ≤ 6.12.* (semver) Unaffected: 6.16.5 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:43:40.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:07:15.910Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "794399019301944fd6d2e0d7a51b3327e26c410e",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "568e7761279b99c6daa3002290fd6d8047ddb6d2",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "925599eba46045930b850a98ae594d2e3028ac40",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "c2925cd6207079c3f4d040d082515db78d63afbf",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "71581a82f38e5a4d807d71fc1bb59aead80ccf95",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"lessThan": "a6358f8cf64850f3f27857b8ed8c1b08cfc4685c",
"status": "affected",
"version": "da27a24383b2b10bf6ebd0db29b325548aafecb4",
"versionType": "git"
},
{
"status": "affected",
"version": "688289c4b745c018b3449b4b4c5a2030083c8eaf",
"versionType": "git"
},
{
"lessThan": "3.9",
"status": "affected",
"version": "3.8.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/efivarfs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.298",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.242",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.298",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.242",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.191",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.150",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.104",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.45",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.5",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN , \u0027guid\u0027 can become\nnegative, leadings to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:00:47.192Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6"
},
{
"url": "https://git.kernel.org/stable/c/794399019301944fd6d2e0d7a51b3327e26c410e"
},
{
"url": "https://git.kernel.org/stable/c/568e7761279b99c6daa3002290fd6d8047ddb6d2"
},
{
"url": "https://git.kernel.org/stable/c/d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7"
},
{
"url": "https://git.kernel.org/stable/c/925599eba46045930b850a98ae594d2e3028ac40"
},
{
"url": "https://git.kernel.org/stable/c/c2925cd6207079c3f4d040d082515db78d63afbf"
},
{
"url": "https://git.kernel.org/stable/c/71581a82f38e5a4d807d71fc1bb59aead80ccf95"
},
{
"url": "https://git.kernel.org/stable/c/a6358f8cf64850f3f27857b8ed8c1b08cfc4685c"
}
],
"title": "efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39817",
"datePublished": "2025-09-16T13:00:17.776Z",
"dateReserved": "2025-04-16T07:20:57.138Z",
"dateUpdated": "2026-05-23T16:00:47.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…