CVE-2025-39917

EPSS 0.02%
Veröffentlicht 01.10.2025 08:15:34
Zuletzt bearbeitet 02.10.2025 19:12:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt

Stanislav reported that in bpf_crypto_crypt() the destination dynptr's
size is not validated to be at least as large as the source dynptr's
size before calling into the crypto backend with 'len = src_len'. This
can result in an OOB write when the destination is smaller than the
source.

Concretely, in mentioned function, psrc and pdst are both linear
buffers fetched from each dynptr:

  psrc = __bpf_dynptr_data(src, src_len);
  [...]
  pdst = __bpf_dynptr_data_rw(dst, dst_len);
  [...]
  err = decrypt ?
        ctx->type->decrypt(ctx->tfm, psrc, pdst, src_len, piv) :
        ctx->type->encrypt(ctx->tfm, psrc, pdst, src_len, piv);

The crypto backend expects pdst to be large enough with a src_len length
that can be written. Add an additional src_len > dst_len check and bail
out if it's the case. Note that these kfuncs are accessible under root
privileges only.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 0126358df12d6f476f79251d9c398ac5c1b3062d

Version 3e1c6f35409f9e447bf37f64840f5b65576bfb78

Status affected

Version < c4be24ef0510c146dca4671effb127e97631534b

Version 3e1c6f35409f9e447bf37f64840f5b65576bfb78

Status affected

Version < f9bb6ffa7f5ad0f8ee0f53fc4a10655872ee4a14

Version 3e1c6f35409f9e447bf37f64840f5b65576bfb78

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.10

Status affected

Version < 6.10

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.48

Status unaffected

Version <= 6.16.*

Version 6.16.8

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/0126358df12d6f476f79251d9c398ac5c1b3062d

https://git.kernel.org/stable/c/c4be24ef0510c146dca4671effb127e97631534b

https://git.kernel.org/stable/c/f9bb6ffa7f5ad0f8ee0f53fc4a10655872ee4a14

https://nvd.nist.gov/vuln/detail/CVE-2025-39917

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39917

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39917

EUVD