cvelistv5 - cve-2025-39955

CVE-2025-39955 (GCVE-0-2025-39955)

Vulnerability from cvelistv5

Published

2025-10-09 09:47

Modified

2025-10-09 09:47

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Open socket as a new client before the TFO socket completes 3WHS: 1. accept() 2. connect(AF_UNSPEC) 3. connect() to another destination As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes it to TCP_CLOSE and makes connect() possible, which restarts timers. Since tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the retransmit timer triggered the warning and the intended packet was not retransmitted. Let's call reqsk_fastopen_remove() in tcp_disconnect(). [0]: WARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7)) Modules linked in: CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7)) Code: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e RSP: 0018:ffffc900002f8d40 EFLAGS: 00010293 RAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017 RDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400 RBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8 R10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540 R13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0 FS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0 Call Trace: <IRQ> tcp_write_timer (net/ipv4/tcp_timer.c:738) call_timer_fn (kernel/time/timer.c:1747) __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372) timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135) tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035) __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1)) tmigr_handle_remote (kernel/time/timer_migration.c:1096) handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580) irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35)) </IRQ>

References

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9

Impacted products

Vendor

Product

Version

Linux

Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4
Version: 8336886f786fdacbc19b719c1f7ea91eb70706d4

Linux

Version: 3.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ec092a91ff351dcde89c23e795b73a328274db6",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "a4378dedd6e07e62f2fccb17d78c9665718763d0",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "33a4fdf0b4a25f8ce65380c3b0136b407ca57609",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "17d699727577814198d744d6afe54735c6b54c99",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "dfd06131107e7b699ef1e2a24ed2f7d17c917753",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "fa4749c065644af4db496b338452a69a3e5147d9",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "ae313d14b45eca7a6bb29cb9bf396d977e7d28fb",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.245",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.194",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.300",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.245",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.194",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.154",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.108",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.49",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.9",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n  1. accept()\n  2. connect(AF_UNSPEC)\n  3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T09:47:33.556Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609"
        },
        {
          "url": "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01"
        }
      ],
      "title": "tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39955",
    "datePublished": "2025-10-09T09:47:33.556Z",
    "dateReserved": "2025-04-16T07:20:57.149Z",
    "dateUpdated": "2025-10-09T09:47:33.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-39955\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-09T10:15:36.220\",\"lastModified\":\"2025-10-09T15:50:04.013\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\\n\\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\\nin the TCP_ESTABLISHED state. [0]\\n\\nsyzbot reused the server-side TCP Fast Open socket as a new client before\\nthe TFO socket completes 3WHS:\\n\\n  1. accept()\\n  2. connect(AF_UNSPEC)\\n  3. connect() to another destination\\n\\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\\n\\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\\nretransmit timer triggered the warning and the intended packet was not\\nretransmitted.\\n\\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\\n\\n[0]:\\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\\nModules linked in:\\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\\nCall Trace:\\n \u003cIRQ\u003e\\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\\n call_timer_fn (kernel/time/timer.c:1747)\\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\\n \u003c/IRQ\u003e\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

ghsa-63w2-9qrq-4h94

Vulnerability from github

Published

2025-10-09 12:30

Modified

2025-10-09 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().

syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0]

syzbot reused the server-side TCP Fast Open socket as a new client before the TFO socket completes 3WHS:

accept()
connect(AF_UNSPEC)
connect() to another destination

As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes it to TCP_CLOSE and makes connect() possible, which restarts timers.

Since tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the retransmit timer triggered the warning and the intended packet was not retransmitted.

Let's call reqsk_fastopen_remove() in tcp_disconnect().

[0]: WARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7)) Modules linked in: CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7)) Code: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e RSP: 0018:ffffc900002f8d40 EFLAGS: 00010293 RAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017 RDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400 RBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8 R10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540 R13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0 FS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0 Call Trace: tcp_write_timer (net/ipv4/tcp_timer.c:738) call_timer_fn (kernel/time/timer.c:1747) __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372) timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135) tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035) __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1)) tmigr_handle_remote (kernel/time/timer_migration.c:1096) handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580) irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39955"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T10:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n  1. accept()\n  2. connect(AF_UNSPEC)\n  3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
  "id": "GHSA-63w2-9qrq-4h94",
  "modified": "2025-10-09T12:30:18Z",
  "published": "2025-10-09T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2025-AVI-0899

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 gdb 11.2-7
Microsoft	N/A	cbl2 binutils 2.37-16
Microsoft	N/A	cbl2 redis 6.2.20-1
Microsoft	N/A	cbl2 redis 6.2.18-3
Microsoft	N/A	azl3 python3 3.12.9-4 versions antérieures à 3.12.9-5
Microsoft	N/A	cbl2 crash 8.0.1-4
Microsoft	N/A	cbl2 binutils 2.37-17
Microsoft	N/A	cbl2 pytorch 2.0.0-9
Microsoft	N/A	azl3 kernel 6.6.96.2-2
Microsoft	N/A	azl3 binutils 2.41-7
Microsoft	N/A	cbl2 qt5-qtsvg 5.12.11-6 versions antérieures à 5.12.11-7
Microsoft	N/A	cbl2 python3 3.9.19-14
Microsoft	N/A	azl3 openssh 9.8p1-4
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	cbl2 rubygem-elasticsearch 8.3.0-1
Microsoft	N/A	azl3 kernel 6.6.104.2-1
Microsoft	N/A	cbl2 python3 3.9.19-15 versions antérieures à 3.9.19-16
Microsoft	N/A	cbl2 qemu 6.2.0-24
Microsoft	N/A	azl3 qemu 8.2.0-19
Microsoft	N/A	cbl2 gdb 11.2-6
Microsoft	N/A	cbl2 openssh 8.9p1-8 versions antérieures à 8.9p1-9
Microsoft	N/A	azl3 valkey 8.0.4-1 versions antérieures à 8.0.6-1
Microsoft	N/A	azl3 rubygem-elasticsearch 8.9.0-1
Microsoft	N/A	azl3 pytorch 2.2.2-7
Microsoft	N/A	azl3 ruby 3.3.5-5
Microsoft	N/A	cbl2 redis 6.2.18-3 versions antérieures à 6.2.20-1
Microsoft	N/A	azl3 qtsvg 6.6.1-2 versions antérieures à 6.6.1-3
Microsoft	N/A	azl3 valkey 8.0.4-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-39967	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39940	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11412	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39994	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39947	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53687	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39931	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39942	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55551	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50502	2025-10-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-42321	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53195	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-39508	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53234	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39981	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46818	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39998	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39972	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39953	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49133	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39934	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39968	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39932	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-49844	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56709	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39965	2025-10-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39985	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11234	2025-10-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39970	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39980	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39977	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39964	2025-10-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39938	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11495	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56641	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2020-8130	2025-10-12	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-8291	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-21645	2025-10-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39982	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39987	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-40989	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-49568	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-37727	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49069	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46817	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-46717	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39961	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55552	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-41079	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39969	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-40966	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61985	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39949	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11414	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46819	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39945	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61984	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-48816	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39955	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39937	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55554	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56592	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-10729	2025-10-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11413	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39929	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49124	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39946	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39973	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-21629	2025-10-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53196	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39990	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39971	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39957	2025-10-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 gdb 11.2-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.20-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.18-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python3 3.12.9-4 versions ant\u00e9rieures \u00e0 3.12.9-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 crash 8.0.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 pytorch 2.0.0-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.96.2-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 binutils 2.41-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qt5-qtsvg 5.12.11-6 versions ant\u00e9rieures \u00e0 5.12.11-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 openssh 9.8p1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 rubygem-elasticsearch 8.3.0-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-15 versions ant\u00e9rieures \u00e0 3.9.19-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qemu 6.2.0-24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 qemu 8.2.0-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gdb 11.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 openssh 8.9p1-8 versions ant\u00e9rieures \u00e0 8.9p1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 valkey 8.0.4-1 versions ant\u00e9rieures \u00e0 8.0.6-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 rubygem-elasticsearch 8.9.0-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pytorch 2.2.2-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 ruby 3.3.5-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.18-3 versions ant\u00e9rieures \u00e0 6.2.20-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 qtsvg 6.6.1-2 versions ant\u00e9rieures \u00e0 6.6.1-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 valkey 8.0.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-49069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49069"
    },
    {
      "name": "CVE-2025-39987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
    },
    {
      "name": "CVE-2025-39947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39947"
    },
    {
      "name": "CVE-2025-39973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
    },
    {
      "name": "CVE-2025-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
    },
    {
      "name": "CVE-2025-55551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
    },
    {
      "name": "CVE-2024-56709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
    },
    {
      "name": "CVE-2025-39967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
    },
    {
      "name": "CVE-2025-11234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
    },
    {
      "name": "CVE-2025-39942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
    },
    {
      "name": "CVE-2025-39929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
    },
    {
      "name": "CVE-2025-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
    },
    {
      "name": "CVE-2025-49844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
    },
    {
      "name": "CVE-2025-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
    },
    {
      "name": "CVE-2025-39990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39990"
    },
    {
      "name": "CVE-2025-39969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
    },
    {
      "name": "CVE-2025-61985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
    },
    {
      "name": "CVE-2025-46819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46819"
    },
    {
      "name": "CVE-2024-53234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2025-55552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
    },
    {
      "name": "CVE-2024-40989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
    },
    {
      "name": "CVE-2025-39940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39940"
    },
    {
      "name": "CVE-2025-39977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
    },
    {
      "name": "CVE-2025-21645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
    },
    {
      "name": "CVE-2025-46817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
    },
    {
      "name": "CVE-2024-39508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
    },
    {
      "name": "CVE-2022-49133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49133"
    },
    {
      "name": "CVE-2025-39970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
    },
    {
      "name": "CVE-2025-39981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39981"
    },
    {
      "name": "CVE-2025-39994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
    },
    {
      "name": "CVE-2025-61984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
    },
    {
      "name": "CVE-2024-41079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
    },
    {
      "name": "CVE-2025-39998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
    },
    {
      "name": "CVE-2025-39968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
    },
    {
      "name": "CVE-2022-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
    },
    {
      "name": "CVE-2024-53687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53687"
    },
    {
      "name": "CVE-2025-39955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
    },
    {
      "name": "CVE-2025-39934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
    },
    {
      "name": "CVE-2025-11495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
    },
    {
      "name": "CVE-2025-39938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
    },
    {
      "name": "CVE-2025-39982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
    },
    {
      "name": "CVE-2025-39965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39965"
    },
    {
      "name": "CVE-2025-39932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39932"
    },
    {
      "name": "CVE-2025-11414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
    },
    {
      "name": "CVE-2025-21629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
    },
    {
      "name": "CVE-2022-50502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50502"
    },
    {
      "name": "CVE-2025-39964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
    },
    {
      "name": "CVE-2024-49568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
    },
    {
      "name": "CVE-2024-53196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
    },
    {
      "name": "CVE-2025-39971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
    },
    {
      "name": "CVE-2024-46717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
    },
    {
      "name": "CVE-2024-40966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
    },
    {
      "name": "CVE-2025-39972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
    },
    {
      "name": "CVE-2024-56641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
    },
    {
      "name": "CVE-2025-11413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
    },
    {
      "name": "CVE-2025-39961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39961"
    },
    {
      "name": "CVE-2025-55554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
    },
    {
      "name": "CVE-2025-37727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
    },
    {
      "name": "CVE-2025-10729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10729"
    },
    {
      "name": "CVE-2025-39957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
    },
    {
      "name": "CVE-2025-39931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
    },
    {
      "name": "CVE-2024-53195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
    },
    {
      "name": "CVE-2025-39937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
    },
    {
      "name": "CVE-2025-46818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46818"
    },
    {
      "name": "CVE-2025-11412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
    },
    {
      "name": "CVE-2022-48816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48816"
    },
    {
      "name": "CVE-2025-39985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
    },
    {
      "name": "CVE-2025-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
    },
    {
      "name": "CVE-2025-39980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
    },
    {
      "name": "CVE-2024-42321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
    },
    {
      "name": "CVE-2020-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8130"
    },
    {
      "name": "CVE-2024-56592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
    }
  ],
  "initial_release_date": "2025-10-20T00:00:00",
  "last_revision_date": "2025-10-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0899",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39967"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39940",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39940"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11412",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11412"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39994",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39994"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39947",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39947"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53687",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53687"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39931",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39931"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39942",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39942"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55551",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55551"
    },
    {
      "published_at": "2025-10-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50502"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-42321",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42321"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53195",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53195"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-39508",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39508"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53234",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53234"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39981",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39981"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46818",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46818"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39998",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39998"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39972",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39972"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39953",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39953"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49133"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39934",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39934"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39968"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39932",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39932"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49844",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49844"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56709",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56709"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39965"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39985",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39985"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11234",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11234"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39970",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39970"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39980"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39977"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39964"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39938",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39938"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11495",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11495"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56641",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56641"
    },
    {
      "published_at": "2025-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8130",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8130"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-8291",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8291"
    },
    {
      "published_at": "2025-10-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21645",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21645"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39982",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39982"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39987",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39987"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40989",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40989"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49568",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49568"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-37727",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-37727"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49069"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46817",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46817"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-46717",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46717"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39961",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39961"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55552"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-41079",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41079"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39969"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40966"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61985",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61985"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39949",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39949"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11414",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11414"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46819"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39945",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39945"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61984",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61984"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-48816",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-48816"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39955",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39955"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39937",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39937"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55554",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55554"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56592",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56592"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10729",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10729"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11413",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11413"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39929",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39929"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49124",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49124"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39946",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39946"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39973",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39973"
    },
    {
      "published_at": "2025-10-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21629",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21629"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53196"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39990",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39990"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39971",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39971"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39957",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39957"
    }
  ]
}

fkie_cve-2025-39955

Vulnerability from fkie_nvd

Published

2025-10-09 10:15

Modified

2025-10-09 15:50

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n  1. accept()\n  2. connect(AF_UNSPEC)\n  3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e"
    }
  ],
  "id": "CVE-2025-39955",
  "lastModified": "2025-10-09T15:50:04.013",
  "metrics": {},
  "published": "2025-10-09T10:15:36.220",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-39955 (GCVE-0-2025-39955)

Vulnerability from cvelistv5

ghsa-63w2-9qrq-4h94

Vulnerability from github

CERTFR-2025-AVI-0899

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-39955

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature