CVE-2025-39848
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ax25: properly unshare skbs in ax25_kiss_rcv()

Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains").

skb->dev becomes NULL and we crash in __netif_receive_skb_core().

Before above commit, different kind of bugs or corruptions could happen without a major crash.

But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not.

Many thanks to Bernard Pidoux for his help, diagnosis and tests.

We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").

Meta Information

Published: 2025-09-19
Last Modified: 2025-11-03
Generated: 2026-06-16
AI Q&A: 2025-09-19
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | 5.10.244
linux | linux_kernel | 6.1.153
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability is in the Linux kernel's ax25 protocol code: the function ax25_kiss_rcv() can queue or modify an input socket buffer (skb) without first checking whether that skb is shared. As a result, skb->dev can become NULL and the kernel crashes in __netif_receive_skb_core(). The crash was reported as a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"); before that commit, the same root cause could produce other bugs or corruption without a major crash.

Impact Analysis

The vulnerability can cause the Linux kernel to crash due to improper handling of shared socket buffers in the ax25 protocol. This crash occurs when skb->dev becomes NULL, leading to a failure in packet reception processing. Such crashes can result in denial of service or instability in systems using the affected kernel version.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, which properly unshares skbs in ax25_kiss_rcv(). This will prevent crashes caused by skb->dev becoming NULL in __netif_receive_skb_core().
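
The sharing problem described above, modelled in userspace C as an added example (not kernel code and not the upstream patch). `struct buf`, `buf_share_check()` and `kiss_rcv_model()` are hypothetical stand-ins for `struct sk_buff`, the kernel's `skb_share_check()` helper and the receive handler; clearing `dev` is an assumed stand-in for the side effects of queuing.

```c
#include <stdlib.h>

/* Userspace stand-in for struct sk_buff (hypothetical model, not kernel code). */
struct buf {
    int users;                  /* reference count, like skb->users */
    const char *dev;            /* receiving device, like skb->dev */
    const unsigned char *data;  /* current start of payload, like skb->data */
    size_t len;
};

static struct buf *buf_get(struct buf *b) { b->users++; return b; }
static void buf_put(struct buf *b) { if (--b->users == 0) free(b); }

/* Models skb_share_check(): a non-sole owner swaps its reference for a private
 * header copy (payload stays shared); on allocation failure it gets NULL. */
static struct buf *buf_share_check(struct buf *b)
{
    struct buf *n;
    if (b->users == 1) return b;
    n = malloc(sizeof(*n));
    if (n) { *n = *b; n->users = 1; }
    buf_put(b);
    return n;
}

/* Models a receive handler that pulls a 1-byte header and queues the buffer. */
static struct buf *kiss_rcv_model(struct buf *b, int unshare)
{
    if (unshare && !(b = buf_share_check(b))) return NULL;
    b->data++;          /* header fields are mangled in place */
    b->len--;
    b->dev = NULL;      /* assumed side effect of queuing */
    return b;
}

/* Deliver one frame while a second holder keeps a reference.
 * Returns 1 if that holder still sees the original header fields. */
static int second_holder_intact(int unshare)
{
    static const unsigned char frame[] = { 0x00, 0xAA, 0xBB }; /* constructed */
    struct buf *b = calloc(1, sizeof(*b)), *mine;
    int ok;
    if (!b) return -1;
    b->users = 1; b->dev = "ax0"; b->data = frame; b->len = sizeof(frame);
    mine = kiss_rcv_model(buf_get(b), unshare);
    ok = b->dev != NULL && b->data == frame && b->len == sizeof(frame);
    if (mine) buf_put(mine);
    buf_put(b);
    return ok;
}

int main(void) { return !(second_holder_intact(0) == 0 && second_holder_intact(1) == 1); }
```

Without the share check, the second holder finds `dev` cleared and the data pointer moved under it; with the check, the handler works on its own header copy and the original is untouched.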
