5.5

CVE-2025-39965

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI

In the Linux kernel, the following vulnerability has been resolved:

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI

x->id.spi == 0 means "no SPI assigned", but since commit
94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states
and add them to the byspi list with this value.

__xfrm_state_delete doesn't remove those states from the byspi list,
since they shouldn't be there, and this shows up as a UAF the next
time we go through the byspi list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.6.103 < 6.6.109
LinuxLinux Kernel Version >= 6.12.43 < 6.12.50
LinuxLinux Kernel Version >= 6.15.11 < 6.16
LinuxLinux Kernel Version >= 6.16.2 < 6.16.10
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
LinuxLinux Kernel Version6.17 Updaterc5
LinuxLinux Kernel Version6.17 Updaterc6
LinuxLinux Kernel Version6.17 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.071
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0baf92d0b1590b903c1f4ead75e61715e50e8146
Patch
https://git.kernel.org/stable/c/9fcedabaae0096f712bbb4ccca6a8538af1cd1c8
Patch
https://git.kernel.org/stable/c/a78e55776522373c446f18d5002a8de4b09e6bf7
Patch
https://git.kernel.org/stable/c/cd8ae32e4e4652db55bce6b9c79267d8946765a9
Patch