CVE-2025-39848
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not. Many thanks to Bernard Pidoux for his help, diagnosis and tests. We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39848
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the ax25 protocol where the function ax25_kiss_rcv() improperly handles shared socket buffers (skbs). Specifically, it queues or modifies input skbs without checking if they are shared, which can lead to skb->dev becoming NULL and causing a crash in __netif_receive_skb_core(). This issue was introduced by a commit related to per network namespace packet chains and is a regression from previous behavior.


How can this vulnerability impact me? :

The vulnerability can cause the Linux kernel to crash due to improper handling of shared socket buffers in the ax25 protocol. This crash occurs when skb->dev becomes NULL, leading to a failure in packet reception processing. Such crashes can result in denial of service or instability in systems using the affected kernel version.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for this vulnerability, which properly unshares skbs in ax25_kiss_rcv(). This will prevent crashes caused by skb->dev becoming NULL in __netif_receive_skb_core().


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart