CVE-2025-39962
BaseFortify
Publication date: 2025-10-09
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves an untrusted unsigned subtraction in the rxrpc module, specifically in the rxgk_yfs_decode_ticket() function. The issue was a static checker warning about subtracting values without proper validation, which could lead to incorrect memory handling. The fix involved prechecking the length of data before extraction and using sizeof() for consistent size specification.
How can this vulnerability impact me?
The vulnerability could potentially lead to improper memory handling or processing of data in the Linux kernel's rxrpc module, which might cause unexpected behavior or security issues such as crashes or data corruption. However, specific impacts are not detailed in the provided information.