Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-2051
Vulnerability from csaf_certbund
Published
2025-09-14 22:00
Modified
2025-09-22 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-2051 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2051.json" }, { "category": "self", "summary": "WID-SEC-2025-2051 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2051" }, { "category": "external", "summary": "Kernel CVE Announce Mailingliste", "url": "https://lore.kernel.org/linux-cve-announce/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39792", "url": "https://lore.kernel.org/linux-cve-announce/2025091221-CVE-2025-39792-5efd@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39793", "url": "https://lore.kernel.org/linux-cve-announce/2025091223-CVE-2025-39793-9d74@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39794", "url": "https://lore.kernel.org/linux-cve-announce/2025091223-CVE-2025-39794-9d67@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39795", "url": "https://lore.kernel.org/linux-cve-announce/2025091223-CVE-2025-39795-c418@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39796", "url": "https://lore.kernel.org/linux-cve-announce/2025091224-CVE-2025-39796-290b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39797", "url": "https://lore.kernel.org/linux-cve-announce/2025091224-CVE-2025-39797-b0f7@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39798", "url": "https://lore.kernel.org/linux-cve-announce/2025091224-CVE-2025-39798-a66e@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2025-39799", "url": "https://lore.kernel.org/linux-cve-announce/2025091224-CVE-2025-39799-768d@gregkh/" }, { "category": "external", "summary": "Debian Security Advisory DSA-6009 vom 2025-09-23", "url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service", "tracking": { "current_release_date": "2025-09-22T22:00:00.000+00:00", "generator": { "date": "2025-09-23T04:57:03.937+00:00", "engine": { "name": "BSI-WID", "version": "1.4.0" } }, "id": "WID-SEC-W-2025-2051", "initial_release_date": "2025-09-14T22:00:00.000+00:00", "revision_history": [ { "date": "2025-09-14T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-09-22T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T046977", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-39792", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39792" }, { "cve": "CVE-2025-39793", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39793" }, { "cve": "CVE-2025-39794", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39794" }, { "cve": "CVE-2025-39795", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39795" }, { "cve": "CVE-2025-39796", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39796" }, { "cve": "CVE-2025-39797", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39797" }, { "cve": "CVE-2025-39798", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39798" }, { "cve": "CVE-2025-39799", "product_status": { "known_affected": [ "T046977", "2951" ] }, "release_date": "2025-09-14T22:00:00.000+00:00", "title": "CVE-2025-39799" } ] }
CVE-2025-39795 (GCVE-0-2025-39795)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
In blk_stack_limits(), we check that the t->chunk_sectors value is a
multiple of the t->physical_block_size value.
However, by finding the chunk_sectors value in bytes, we may overflow
the unsigned int which holds chunk_sectors, so change the check to be
based on sectors.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "block/blk-settings.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "418751910044649baa2b424ea31cce3fc4dcc253", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "8b3ce085b52e674290cbfdd07034e7653ffbe4dc", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "31f2f080898e50cbf2bae62d35f9f2a997547b38", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "3b9d69f0e68aa6b0acd9791c45d445154a8c66e9", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "46aa80ef49594ed7de685ecbc673b291e9a2c159", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "5e276e6ff9aacf8901b9c3265c3cdd2568c9fff2", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "14beeef4aafecc8a41de534e31fb5be94739392f", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "448dfecc7ff807822ecd47a5c052acedca7d09e8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "block/blk-settings.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.241", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.190", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.149", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.103", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.43", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.241", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.190", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.149", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.103", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.43", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid possible overflow for chunk_sectors check in blk_stack_limits()\n\nIn blk_stack_limits(), we check that the t-\u003echunk_sectors value is a\nmultiple of the t-\u003ephysical_block_size value.\n\nHowever, by finding the chunk_sectors value in bytes, we may overflow\nthe unsigned int which holds chunk_sectors, so change the check to be\nbased on sectors." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:35.732Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/418751910044649baa2b424ea31cce3fc4dcc253" }, { "url": "https://git.kernel.org/stable/c/8b3ce085b52e674290cbfdd07034e7653ffbe4dc" }, { "url": "https://git.kernel.org/stable/c/31f2f080898e50cbf2bae62d35f9f2a997547b38" }, { "url": "https://git.kernel.org/stable/c/3b9d69f0e68aa6b0acd9791c45d445154a8c66e9" }, { "url": "https://git.kernel.org/stable/c/46aa80ef49594ed7de685ecbc673b291e9a2c159" }, { "url": "https://git.kernel.org/stable/c/5e276e6ff9aacf8901b9c3265c3cdd2568c9fff2" }, { "url": "https://git.kernel.org/stable/c/14beeef4aafecc8a41de534e31fb5be94739392f" }, { "url": "https://git.kernel.org/stable/c/448dfecc7ff807822ecd47a5c052acedca7d09e8" } ], "title": "block: avoid possible overflow for chunk_sectors check in blk_stack_limits()", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39795", "datePublished": "2025-09-12T15:59:32.037Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:35.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39793 (GCVE-0-2025-39793)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/memmap: cast nr_pages to size_t before shifting
If the allocated size exceeds UINT_MAX, then it's necessary to cast
the mr->nr_pages value to size_t to prevent it from overflowing. In
practice this isn't much of a concern as the required memory size will
have been validated upfront, and accounted to the user. And > 4GB sizes
will be necessary to make the lack of a cast a problem, which greatly
exceeds normal user locked_vm settings that are generally in the kb to
mb range. However, if root is used, then accounting isn't done, and
then it's possible to hit this issue.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "io_uring/memmap.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c6a2706e08b8a1b2d3740161c0977d38e596c1ee", "status": "affected", "version": "087f997870a948820ec366701d178f402c6a23a3", "versionType": "git" }, { "lessThan": "a69a9b53c54e2d33e2a5b1ea4a9a71fd01c6cf3a", "status": "affected", "version": "087f997870a948820ec366701d178f402c6a23a3", "versionType": "git" }, { "lessThan": "33503c083fda048c77903460ac0429e1e2c0e341", "status": "affected", "version": "087f997870a948820ec366701d178f402c6a23a3", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "io_uring/memmap.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.14" }, { "lessThan": "6.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "versionStartIncluding": "6.14", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "versionStartIncluding": "6.14", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "versionStartIncluding": "6.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/memmap: cast nr_pages to size_t before shifting\n\nIf the allocated size exceeds UINT_MAX, then it\u0027s necessary to cast\nthe mr-\u003enr_pages value to size_t to prevent it from overflowing. In\npractice this isn\u0027t much of a concern as the required memory size will\nhave been validated upfront, and accounted to the user. And \u003e 4GB sizes\nwill be necessary to make the lack of a cast a problem, which greatly\nexceeds normal user locked_vm settings that are generally in the kb to\nmb range. However, if root is used, then accounting isn\u0027t done, and\nthen it\u0027s possible to hit this issue." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:33.153Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c6a2706e08b8a1b2d3740161c0977d38e596c1ee" }, { "url": "https://git.kernel.org/stable/c/a69a9b53c54e2d33e2a5b1ea4a9a71fd01c6cf3a" }, { "url": "https://git.kernel.org/stable/c/33503c083fda048c77903460ac0429e1e2c0e341" } ], "title": "io_uring/memmap: cast nr_pages to size_t before shifting", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39793", "datePublished": "2025-09-12T15:59:30.388Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:33.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39796 (GCVE-0-2025-39796)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: lapbether: ignore ops-locked netdevs
Syzkaller managed to trigger lock dependency in xsk_notify via
register_netdevice. As discussed in [0], using register_netdevice
in the notifiers is problematic so skip adding lapbeth for ops-locked
devices.
xsk_notifier+0xa4/0x280 net/xdp/xsk.c:1645
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
unregister_netdevice_many_notify+0xf9d/0x2700 net/core/dev.c:12077
unregister_netdevice_many net/core/dev.c:12140 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984
register_netdevice+0x18f1/0x2270 net/core/dev.c:11149
lapbeth_new_device drivers/net/wan/lapbether.c:420 [inline]
lapbeth_device_event+0x5b1/0xbe0 drivers/net/wan/lapbether.c:462
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
__dev_notify_flags+0x12c/0x2e0 net/core/dev.c:9497
netif_change_flags+0x108/0x160 net/core/dev.c:9526
dev_change_flags+0xba/0x250 net/core/dev_api.c:68
devinet_ioctl+0x11d5/0x1f50 net/ipv4/devinet.c:1200
inet_ioctl+0x3a7/0x3f0 net/ipv4/af_inet.c:1001
0: https://lore.kernel.org/netdev/20250625140357.6203d0af@kernel.org/
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wan/lapbether.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "57a7ef338a2cd62a22a15a199ab9afd3d953df55", "status": "affected", "version": "4c975fd700022c90e61a46326e3444e08317876e", "versionType": "git" }, { "lessThan": "628e233c1fefcc227fae9bdcff6be8ac92e1b4d2", "status": "affected", "version": "4c975fd700022c90e61a46326e3444e08317876e", "versionType": "git" }, { "lessThan": "53898ebabe843bfa7baea9dae152797d5d0563c9", "status": "affected", "version": "4c975fd700022c90e61a46326e3444e08317876e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wan/lapbether.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.15" }, { "lessThan": "6.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "versionStartIncluding": "6.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "versionStartIncluding": "6.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "versionStartIncluding": "6.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapbether: ignore ops-locked netdevs\n\nSyzkaller managed to trigger lock dependency in xsk_notify via\nregister_netdevice. As discussed in [0], using register_netdevice\nin the notifiers is problematic so skip adding lapbeth for ops-locked\ndevices.\n\n xsk_notifier+0xa4/0x280 net/xdp/xsk.c:1645\n notifier_call_chain+0xbc/0x410 kernel/notifier.c:85\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230\n call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]\n call_netdevice_notifiers net/core/dev.c:2282 [inline]\n unregister_netdevice_many_notify+0xf9d/0x2700 net/core/dev.c:12077\n unregister_netdevice_many net/core/dev.c:12140 [inline]\n unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11984\n register_netdevice+0x18f1/0x2270 net/core/dev.c:11149\n lapbeth_new_device drivers/net/wan/lapbether.c:420 [inline]\n lapbeth_device_event+0x5b1/0xbe0 drivers/net/wan/lapbether.c:462\n notifier_call_chain+0xbc/0x410 kernel/notifier.c:85\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230\n call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]\n call_netdevice_notifiers net/core/dev.c:2282 [inline]\n __dev_notify_flags+0x12c/0x2e0 net/core/dev.c:9497\n netif_change_flags+0x108/0x160 net/core/dev.c:9526\n dev_change_flags+0xba/0x250 net/core/dev_api.c:68\n devinet_ioctl+0x11d5/0x1f50 net/ipv4/devinet.c:1200\n inet_ioctl+0x3a7/0x3f0 net/ipv4/af_inet.c:1001\n\n0: https://lore.kernel.org/netdev/20250625140357.6203d0af@kernel.org/" } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:37.011Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/57a7ef338a2cd62a22a15a199ab9afd3d953df55" }, { "url": "https://git.kernel.org/stable/c/628e233c1fefcc227fae9bdcff6be8ac92e1b4d2" }, { "url": "https://git.kernel.org/stable/c/53898ebabe843bfa7baea9dae152797d5d0563c9" } ], "title": "net: lapbether: ignore ops-locked netdevs", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39796", "datePublished": "2025-09-12T15:59:32.871Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:37.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39799 (GCVE-0-2025-39799)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2025-09-29T06:10:00.185Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39799", "datePublished": "2025-09-12T15:59:35.221Z", "dateRejected": "2025-09-29T06:10:00.185Z", "dateReserved": "2025-04-16T07:20:57.133Z", "dateUpdated": "2025-09-29T06:10:00.185Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39797 (GCVE-0-2025-39797)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Duplicate SPI Handling
The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI
Netlink message, which triggers the kernel function xfrm_alloc_spi().
This function is expected to ensure uniqueness of the Security Parameter
Index (SPI) for inbound Security Associations (SAs). However, it can
return success even when the requested SPI is already in use, leading
to duplicate SPIs assigned to multiple inbound SAs, differentiated
only by their destination addresses.
This behavior causes inconsistencies during SPI lookups for inbound packets.
Since the lookup may return an arbitrary SA among those with the same SPI,
packet processing can fail, resulting in packet drops.
According to RFC 4301 section 4.4.2 , for inbound processing a unicast SA
is uniquely identified by the SPI and optionally protocol.
Reproducing the Issue Reliably:
To consistently reproduce the problem, restrict the available SPI range in
charon.conf : spi_min = 0x10000000 spi_max = 0x10000002
This limits the system to only 2 usable SPI values.
Next, create more than 2 Child SA. each using unique pair of src/dst address.
As soon as the 3rd Child SA is initiated, it will be assigned a duplicate
SPI, since the SPI pool is already exhausted.
With a narrow SPI range, the issue is consistently reproducible.
With a broader/default range, it becomes rare and unpredictable.
Current implementation:
xfrm_spi_hash() lookup function computes hash using daddr, proto, and family.
So if two SAs have the same SPI but different destination addresses, then
they will:
a. Hash into different buckets
b. Be stored in different linked lists (byspi + h)
c. Not be seen in the same hlist_for_each_entry_rcu() iteration.
As a result, the lookup will result in NULL and kernel allows that Duplicate SPI
Proposed Change:
xfrm_state_lookup_spi_proto() does a truly global search - across all states,
regardless of hash bucket and matches SPI and proto.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3d8090bb53424432fa788fe9a49e8ceca74f0544", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "c67d4e7a8f90fb6361ca89d4d5c9a28f4e935e47", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "29e9158f91f99057dbd35db5e8674d93b38549fe", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "94f39804d891cffe4ce17737d295f3b195bc7299", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.103", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.43", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.103", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.43", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:38.268Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544" }, { "url": "https://git.kernel.org/stable/c/2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38" }, { "url": "https://git.kernel.org/stable/c/c67d4e7a8f90fb6361ca89d4d5c9a28f4e935e47" }, { "url": "https://git.kernel.org/stable/c/29e9158f91f99057dbd35db5e8674d93b38549fe" }, { "url": "https://git.kernel.org/stable/c/94f39804d891cffe4ce17737d295f3b195bc7299" } ], "title": "xfrm: Duplicate SPI Handling", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39797", "datePublished": "2025-09-12T15:59:33.639Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:38.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39792 (GCVE-0-2025-39792)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm: Always split write BIOs to zoned device limits
Any zoned DM target that requires zone append emulation will use the
block layer zone write plugging. In such case, DM target drivers must
not split BIOs using dm_accept_partial_bio() as doing so can potentially
lead to deadlocks with queue freeze operations. Regular write operations
used to emulate zone append operations also cannot be split by the
target driver as that would result in an invalid writen sector value
return using the BIO sector.
In order for zoned DM target drivers to avoid such incorrect BIO
splitting, we must ensure that large BIOs are split before being passed
to the map() function of the target, thus guaranteeing that the
limits for the mapped device are not exceeded.
dm-crypt and dm-flakey are the only target drivers supporting zoned
devices and using dm_accept_partial_bio().
In the case of dm-crypt, this function is used to split BIOs to the
internal max_write_size limit (which will be suppressed in a different
patch). However, since crypt_alloc_buffer() uses a bioset allowing only
up to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device
max_segments limit, which is not set and so default to BLK_MAX_SEGMENTS
(128), must thus be respected and write BIOs split accordingly.
In the case of dm-flakey, since zone append emulation is not required,
the block layer zone write plugging is not used and no splitting of BIOs
required.
Modify the function dm_zone_bio_needs_split() to use the block layer
helper function bio_needs_zone_write_plugging() to force a call to
bio_split_to_limits() in dm_split_and_process_bio(). This allows DM
target drivers to avoid using dm_accept_partial_bio() for write
operations on zoned DM devices.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d10bf66d9f9335ffc7521b3029b114f50604cabe", "status": "affected", "version": "f211268ed1f9bdf48f06a3ead5f5d88437450579", "versionType": "git" }, { "lessThan": "f5dd256333c08ab44b5aec4a8118cb04c0f20c54", "status": "affected", "version": "f211268ed1f9bdf48f06a3ead5f5d88437450579", "versionType": "git" }, { "lessThan": "4e9fef1cf0243d665d75c371cc80be6156cd30a2", "status": "affected", "version": "f211268ed1f9bdf48f06a3ead5f5d88437450579", "versionType": "git" }, { "lessThan": "2df7168717b7d2d32bcf017c68be16e4aae9dd13", "status": "affected", "version": "f211268ed1f9bdf48f06a3ead5f5d88437450579", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.10" }, { "lessThan": "6.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.43", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.43", "versionStartIncluding": "6.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "versionStartIncluding": "6.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "versionStartIncluding": "6.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "versionStartIncluding": "6.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: Always split write BIOs to zoned device limits\n\nAny zoned DM target that requires zone append emulation will use the\nblock layer zone write plugging. In such case, DM target drivers must\nnot split BIOs using dm_accept_partial_bio() as doing so can potentially\nlead to deadlocks with queue freeze operations. Regular write operations\nused to emulate zone append operations also cannot be split by the\ntarget driver as that would result in an invalid writen sector value\nreturn using the BIO sector.\n\nIn order for zoned DM target drivers to avoid such incorrect BIO\nsplitting, we must ensure that large BIOs are split before being passed\nto the map() function of the target, thus guaranteeing that the\nlimits for the mapped device are not exceeded.\n\ndm-crypt and dm-flakey are the only target drivers supporting zoned\ndevices and using dm_accept_partial_bio().\n\nIn the case of dm-crypt, this function is used to split BIOs to the\ninternal max_write_size limit (which will be suppressed in a different\npatch). However, since crypt_alloc_buffer() uses a bioset allowing only\nup to BIO_MAX_VECS (256) vectors in a BIO. The dm-crypt device\nmax_segments limit, which is not set and so default to BLK_MAX_SEGMENTS\n(128), must thus be respected and write BIOs split accordingly.\n\nIn the case of dm-flakey, since zone append emulation is not required,\nthe block layer zone write plugging is not used and no splitting of BIOs\nrequired.\n\nModify the function dm_zone_bio_needs_split() to use the block layer\nhelper function bio_needs_zone_write_plugging() to force a call to\nbio_split_to_limits() in dm_split_and_process_bio(). This allows DM\ntarget drivers to avoid using dm_accept_partial_bio() for write\noperations on zoned DM devices." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:31.150Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d10bf66d9f9335ffc7521b3029b114f50604cabe" }, { "url": "https://git.kernel.org/stable/c/f5dd256333c08ab44b5aec4a8118cb04c0f20c54" }, { "url": "https://git.kernel.org/stable/c/4e9fef1cf0243d665d75c371cc80be6156cd30a2" }, { "url": "https://git.kernel.org/stable/c/2df7168717b7d2d32bcf017c68be16e4aae9dd13" } ], "title": "dm: Always split write BIOs to zoned device limits", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39792", "datePublished": "2025-09-12T15:59:29.477Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:31.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39798 (GCVE-0-2025-39798)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix the setting of capabilities when automounting a new filesystem
Capabilities cannot be inherited when we cross into a new filesystem.
They need to be reset to the minimal defaults, and then probed for
again.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b Version: 54ceac4515986030c2502960be620198dd8fe25b |
||||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nfs/client.c", "fs/nfs/internal.h", "fs/nfs/nfs4client.c", "fs/nfs/nfs4proc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "95eb0d97ab98a10e966125c1f274e7d0fc0992b3", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "73fcb101bb3eb2a552d7856a476b2c0bc3b5ef9e", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "3924dab90816d0c683a110628ef386f83a9d1e13", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "175afda783e38c0660f2afc0602dd9c83d4e7ee1", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "987c20428f067c1c7f29ed0a2bd8c63fa74b1c2c", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "816a6f60c2c2b679a33fa4276442bafd11473651", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "a8ffee4abd8ec9d7a64d394e0306ae64ba139fd2", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "50e0fd0050e510e749e1fdd1d7158e419ff8f3b9", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" }, { "lessThan": "b01f21cacde9f2878492cf318fee61bf4ccad323", "status": "affected", "version": "54ceac4515986030c2502960be620198dd8fe25b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nfs/client.c", "fs/nfs/internal.h", "fs/nfs/nfs4client.c", "fs/nfs/nfs4proc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.19" }, { "lessThan": "2.6.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.297", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.241", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.190", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.149", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.103", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.43", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.297", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.241", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.190", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.149", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.103", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.43", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "versionStartIncluding": "2.6.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "versionStartIncluding": "2.6.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:39.522Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/95eb0d97ab98a10e966125c1f274e7d0fc0992b3" }, { "url": "https://git.kernel.org/stable/c/73fcb101bb3eb2a552d7856a476b2c0bc3b5ef9e" }, { "url": "https://git.kernel.org/stable/c/3924dab90816d0c683a110628ef386f83a9d1e13" }, { "url": "https://git.kernel.org/stable/c/175afda783e38c0660f2afc0602dd9c83d4e7ee1" }, { "url": "https://git.kernel.org/stable/c/987c20428f067c1c7f29ed0a2bd8c63fa74b1c2c" }, { "url": "https://git.kernel.org/stable/c/816a6f60c2c2b679a33fa4276442bafd11473651" }, { "url": "https://git.kernel.org/stable/c/a8ffee4abd8ec9d7a64d394e0306ae64ba139fd2" }, { "url": "https://git.kernel.org/stable/c/50e0fd0050e510e749e1fdd1d7158e419ff8f3b9" }, { "url": "https://git.kernel.org/stable/c/b01f21cacde9f2878492cf318fee61bf4ccad323" } ], "title": "NFS: Fix the setting of capabilities when automounting a new filesystem", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39798", "datePublished": "2025-09-12T15:59:34.386Z", "dateReserved": "2025-04-16T07:20:57.133Z", "dateUpdated": "2025-09-29T05:59:39.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-39794 (GCVE-0-2025-39794)
Vulnerability from cvelistv5
Published
2025-09-12 15:59
Modified
2025-09-29 05:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: tegra: Use I/O memcpy to write to IRAM
Kasan crashes the kernel trying to check boundaries when using the
normal memcpy.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/arm/mach-tegra/reset.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b28c1a14accc79ead1e87bbdae53309da60be1e7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "75a3bdfeed2f129a2c7d9fd7779382b78e35b014", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2499b0ac908eefbb8a217aae609b7a5b5174f330", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "387435f4833f97aabfd74434ee526e31e8a626ea", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "46b3a7a3a36d5833f14914d1b95c69d28c6a76d6", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "9b0b3b5e5cae95e09bf0ae4a9bcb58d9b6d57f87", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "96d6605bf0561d6e568b1dd9265a0f73b5b94f51", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "30ef45b89a5961cdecf907ecff1ef3374d1de510", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "398e67e0f5ae04b29bcc9cbf342e339fe9d3f6f1", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/arm/mach-tegra/reset.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.297", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.241", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.190", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.149", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.103", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.43", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.11", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.297", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.241", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.190", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.149", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.103", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.43", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy." } ], "providerMetadata": { "dateUpdated": "2025-09-29T05:59:34.486Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b28c1a14accc79ead1e87bbdae53309da60be1e7" }, { "url": "https://git.kernel.org/stable/c/75a3bdfeed2f129a2c7d9fd7779382b78e35b014" }, { "url": "https://git.kernel.org/stable/c/2499b0ac908eefbb8a217aae609b7a5b5174f330" }, { "url": "https://git.kernel.org/stable/c/387435f4833f97aabfd74434ee526e31e8a626ea" }, { "url": "https://git.kernel.org/stable/c/46b3a7a3a36d5833f14914d1b95c69d28c6a76d6" }, { "url": "https://git.kernel.org/stable/c/9b0b3b5e5cae95e09bf0ae4a9bcb58d9b6d57f87" }, { "url": "https://git.kernel.org/stable/c/96d6605bf0561d6e568b1dd9265a0f73b5b94f51" }, { "url": "https://git.kernel.org/stable/c/30ef45b89a5961cdecf907ecff1ef3374d1de510" }, { "url": "https://git.kernel.org/stable/c/398e67e0f5ae04b29bcc9cbf342e339fe9d3f6f1" } ], "title": "ARM: tegra: Use I/O memcpy to write to IRAM", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-39794", "datePublished": "2025-09-12T15:59:31.226Z", "dateReserved": "2025-04-16T07:20:57.132Z", "dateUpdated": "2025-09-29T05:59:34.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…