CVE-2025-39926

Summary

In the Linux kernel, the following vulnerability has been resolved:

genetlink: fix genl_bind() invoking bind() after -EPERM

Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners.

However, in genl_bind() the bind() callback was invoked even if capability checks failed and ret was set to -EPERM. This means that callbacks could run on behalf of unauthorized callers while the syscall still returned failure to user space.

Fix this by only invoking bind() after "if (ret) break;" check i.e. after permission checks have succeeded.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 98c9d884047a3051c203708914a874dece3cbe54affected
LinuxLinux3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 8858c1e9405906c09589d7c336f04058ea198207affected
LinuxLinux3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 1dbfb0363224f6da56f6655d596dc5097308d6f5affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.48 <= 6.12.*unaffected
LinuxLinux6.16.8 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References