CVE-2025-39673
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ppp: fix race conditions in ppp_fill_forward_path

ppp_fill_forward_path() has two race conditions:

1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held. If the only channel is deleted in ppp_disconnect_channel(), list_first_entry() may access an empty head or a freed entry, and trigger a panic.

2. pch->chan can be NULL. When ppp_unregister_channel() is called, pch->chan is set to NULL before pch is removed from ppp->channels.

Fix these by using a lockless RCU approach:

- Use list_first_or_null_rcu() to safely test and access the first list entry.
- Convert list modifications on ppp->channels to their RCU variants and add synchronize_net() after removal.
- Check for a NULL pch->chan before dereferencing it.
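
The check-then-use window and the two read-side fixes described above, modelled in userspace C as an added example; this is not the kernel patch or kernel code. The struct layouts, the helper names (first_racy, first_or_null, unlink_only_channel, run_scenario) and the deterministic single-threaded interleaving are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model (assumption): minimal stand-ins for the kernel structures;
 * only the names ppp->channels, pch->chan and clist mirror the kernel. */
struct list_head { struct list_head *next, *prev; };
struct channel { struct list_head clist; void *chan; };
struct ppp { struct list_head channels; };
#define container_of(p, T, m) ((T *)((char *)(p) - offsetof(T, m)))
enum { OK = 0, NO_CHANNEL = 1, BOGUS_ENTRY = 2 };

/* Concurrent writer: unlinks the only channel, as a disconnect would. */
static void unlink_only_channel(struct ppp *ppp) {
    ppp->channels.next = ppp->channels.prev = &ppp->channels;
}

/* Pre-fix pattern: list_empty() and list_first_entry() each read head->next,
 * and the writer runs in the window between the two reads. */
static struct channel *first_racy(struct ppp *ppp) {
    if (ppp->channels.next == &ppp->channels) return NULL;
    unlink_only_channel(ppp);
    return container_of(ppp->channels.next, struct channel, clist);
}

/* Post-fix pattern (what list_first_or_null_rcu() does): read head->next once
 * and test that same value. The entry stays valid after unlinking because the
 * writer waits a grace period (synchronize_net()) before freeing it. */
static struct channel *first_or_null(struct ppp *ppp) {
    struct list_head *next = ppp->channels.next;
    unlink_only_channel(ppp);
    return next == &ppp->channels ? NULL : container_of(next, struct channel, clist);
}

/* Build a ppp with one channel, run one lookup under the race, classify it. */
int run_scenario(int use_fix, int chan_is_null) {
    static int dev;                       /* constructed stand-in for pch->chan */
    struct ppp ppp; struct channel pch;
    ppp.channels.next = ppp.channels.prev = &pch.clist;
    pch.clist.next = pch.clist.prev = &ppp.channels;
    pch.chan = chan_is_null ? NULL : (void *)&dev;
    struct channel *got = use_fix ? first_or_null(&ppp) : first_racy(&ppp);
    if (!got) return NO_CHANNEL;
    if ((void *)got == (void *)&ppp.channels) return BOGUS_ENTRY; /* head, not a channel */
    return got->chan ? OK : NO_CHANNEL;   /* second fix: NULL check before use */
}

int main(void) {
    printf("racy=%d fixed=%d null_chan=%d\n", run_scenario(0, 0), run_scenario(1, 0), run_scenario(1, 1));
    return 0;
}
```

In the racy lookup the returned "entry" is the list head itself reinterpreted as a channel, which is the empty-head access the description warns about; the single-read lookup returns either NULL or a real entry.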
Meta Information
Published: 2025-09-05
Last Modified: 2025-11-03
Generated: 2026-05-09
AI Q&A: 2025-09-05
EPSS Evaluated: 2026-05-07
Affected Vendors & Products
Showing 1 associated CPE

Vendor   Product        Version / Range
linux    linux_kernel   6.1.153-1
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves race conditions in the Linux kernel's ppp_fill_forward_path() function. Specifically, the ppp->channels list can change between checks without proper locking, which may cause the system to access invalid or freed memory, potentially leading to a kernel panic. Additionally, a channel pointer (pch->chan) can be NULL when accessed, causing further issues. The fix involves using lockless RCU (Read-Copy-Update) techniques to safely access and modify the list and checking for NULL pointers before dereferencing.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to panic due to race conditions when handling PPP channels, potentially leading to system crashes or denial of service. This can affect system stability and availability, especially on systems relying on PPP connections.

