CVE-2025-39848
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: properly unshare skbs in ax25_kiss_rcv()
Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains").
skb->dev becomes NULL and we crash in __netif_receive_skb_core().
Before above commit, different kind of bugs or corruptions could happen without a major crash.
But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not.
Many thanks to Bernard Pidoux for his help, diagnosis and tests.
We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 42b46684e2c78ee052d8c2ee8d9c2089233c9094 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5b079be1b9da49ad88fc304c874d4be7085f7883 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2bd0f67212908243ce88e35bf69fa77155b47b14 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 01a2984cb803f2d487b7074f9718db2bf3531f69 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7d449b7a6c8ee434d10a483feed7c5c50108cf56 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 89064cf534bea4bb28c83fe6bbb26657b19dd5fe | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b1c71d674a308d2fbc83efcf88bfc4217a86aa17 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8156210d36a43e76372312c87eb5ea3dbb405a85 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.4.299 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.243 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.192 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.151 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.105 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.46 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.6 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Additional References
References
- https://git.kernel.org/stable/c/42b46684e2c78ee052d8c2ee8d9c2089233c9094
- https://git.kernel.org/stable/c/5b079be1b9da49ad88fc304c874d4be7085f7883
- https://git.kernel.org/stable/c/2bd0f67212908243ce88e35bf69fa77155b47b14
- https://git.kernel.org/stable/c/01a2984cb803f2d487b7074f9718db2bf3531f69
- https://git.kernel.org/stable/c/7d449b7a6c8ee434d10a483feed7c5c50108cf56
- https://git.kernel.org/stable/c/89064cf534bea4bb28c83fe6bbb26657b19dd5fe
- https://git.kernel.org/stable/c/b1c71d674a308d2fbc83efcf88bfc4217a86aa17
- https://git.kernel.org/stable/c/8156210d36a43e76372312c87eb5ea3dbb405a85
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.