CVE-2025-39695
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's RDMA/rxe component where skb packets depend on rxe resources like QP and sk. When these packets are destroyed, if the rxe resources are released prematurely, call traces can occur. To prevent skb packets from hanging too long in network devices, a timestamp is added at creation, allowing devices to free these packets and release resources if they hang too long.
How can this vulnerability impact me? :
The vulnerability can cause call traces due to premature release of rxe resources while skb packets are still in use, potentially leading to network instability or resource management issues in systems using RDMA/rxe in the Linux kernel.