-

CVE-2025-39848

EPSS 0.03%
Veröffentlicht 19.09.2025 15:26:21
Zuletzt bearbeitet 22.09.2025 21:23:01
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ax25: properly unshare skbs in ax25_kiss_rcv()

Bernard Pidoux reported a regression apparently caused by commit
c353e8983e0d ("net: introduce per netns packet chains").

skb->dev becomes NULL and we crash in __netif_receive_skb_core().

Before above commit, different kind of bugs or corruptions could happen
without a major crash.

But the root cause is that ax25_kiss_rcv() can queue/mangle input skb
without checking if this skb is shared or not.

Many thanks to Bernard Pidoux for his help, diagnosis and tests.

We had a similar issue years ago fixed with commit 7aaed57c5c28
("phonet: properly unshare skbs in phonet_rcv()").

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 42b46684e2c78ee052d8c2ee8d9c2089233c9094

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 5b079be1b9da49ad88fc304c874d4be7085f7883

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2bd0f67212908243ce88e35bf69fa77155b47b14

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 01a2984cb803f2d487b7074f9718db2bf3531f69

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 7d449b7a6c8ee434d10a483feed7c5c50108cf56

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 89064cf534bea4bb28c83fe6bbb26657b19dd5fe

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < b1c71d674a308d2fbc83efcf88bfc4217a86aa17

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 8156210d36a43e76372312c87eb5ea3dbb405a85

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version < 2.6.12

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.299

Status unaffected

Version <= 5.10.*

Version 5.10.243

Status unaffected

Version <= 5.15.*

Version 5.15.192

Status unaffected

Version <= 6.1.*

Version 6.1.151

Status unaffected

Version <= 6.6.*

Version 6.6.105

Status unaffected

Version <= 6.12.*

Version 6.12.46

Status unaffected

Version <= 6.16.*

Version 6.16.6

Status unaffected

Version <= *

Version 6.17-rc5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/42b46684e2c78ee052d8c2ee8d9c2089233c9094

https://git.kernel.org/stable/c/5b079be1b9da49ad88fc304c874d4be7085f7883

https://git.kernel.org/stable/c/2bd0f67212908243ce88e35bf69fa77155b47b14

https://git.kernel.org/stable/c/01a2984cb803f2d487b7074f9718db2bf3531f69

https://git.kernel.org/stable/c/7d449b7a6c8ee434d10a483feed7c5c50108cf56

https://git.kernel.org/stable/c/89064cf534bea4bb28c83fe6bbb26657b19dd5fe

https://git.kernel.org/stable/c/b1c71d674a308d2fbc83efcf88bfc4217a86aa17

https://git.kernel.org/stable/c/8156210d36a43e76372312c87eb5ea3dbb405a85

https://nvd.nist.gov/vuln/detail/CVE-2025-39848

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39848

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39848

EUVD