7.1
CVE-2025-39839
- EPSS 0.16%
- Veröffentlicht 19.09.2025 15:26:14
- Zuletzt bearbeitet 12.05.2026 13:17:14
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
batman-adv: fix OOB read/write in network-coding decode
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.10 < 5.4.299
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.243
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.192
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.151
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.105
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.46
Linux ≫ Linux Kernel Version >= 6.13 < 6.16.6
Linux ≫ Linux Kernel Version6.17 Updaterc1
Linux ≫ Linux Kernel Version6.17 Updaterc2
Linux ≫ Linux Kernel Version6.17 Updaterc3
Linux ≫ Linux Kernel Version6.17 Updaterc4
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.058 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f
https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863
https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a
https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1
https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c
https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48
https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
https://cert-portal.siemens.com/productcert/html/ssa-089022.html