Timing Attack Vulnerability in Linux Kernel IPv6 Implementation
CVE-2025-39702

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 5 September 2025

What is CVE-2025-39702?

A vulnerability in the Linux kernel's IPv6 implementation may expose systems to timing attacks. Message Authentication Codes (MACs) are not compared in constant time, which can allow attackers to infer sensitive information through careful timing analysis. The mitigation is to compare MACs with the appropriate helper functions, which guarantee constant-time execution. Users are advised to update to the latest version of the Linux kernel to receive the fix.
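The difference between the two kinds of comparison, as an added userspace C example (not kernel code and not taken from the fix): an early-exit compare does work proportional to the matching prefix, while a constant-time compare always processes the full MAC. The names `leaky_neq`, `ct_neq` and `probe`, the 32-byte tag length and the `bytes_examined` counter (a stand-in for measured run time) are assumptions made for illustration; in the kernel, the helper of this kind is `crypto_memneq()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAC_LEN 32            /* constructed tag length for this example */
static size_t bytes_examined; /* instrumentation: stands in for run time */

/* Early-exit comparison (memcmp-style): work done depends on the data. */
static int leaky_neq(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        if (a[i] != b[i])
            return 1; /* returns sooner the earlier the first mismatch */
    }
    return 0;
}

/* Constant-time comparison: reads every byte, no data-dependent branch. */
static int ct_neq(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t acc = 0; /* volatile discourages short-circuiting */
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        acc |= (uint8_t)(a[i] ^ b[i]);
    }
    return acc != 0;
}

/* Compare a constructed MAC with a copy whose first `prefix` bytes match
 * (prefix == MAC_LEN means identical); returns the bytes examined. */
static size_t probe(int constant_time, size_t prefix, int *differs)
{
    uint8_t want[MAC_LEN], got[MAC_LEN];
    for (size_t i = 0; i < MAC_LEN; i++)
        want[i] = got[i] = (uint8_t)(0xA0 + i); /* constructed sample */
    if (prefix < MAC_LEN)
        got[prefix] ^= 0xFF; /* first wrong byte sits at index `prefix` */
    bytes_examined = 0;
    *differs = (constant_time ? ct_neq : leaky_neq)(want, got, MAC_LEN);
    return bytes_examined;
}

int main(void)
{
    int d;
    for (size_t p = 0; p <= MAC_LEN; p += 8)
        printf("prefix %2zu: early-exit %2zu bytes, constant-time %2zu bytes\n",
               p, probe(0, p, &d), probe(1, p, &d));
    return 0;
}
```

When auditing code for this class of bug, look for `memcmp()` or hand-written byte loops applied to MACs, signatures or other secret-derived tags.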

Affected Version(s)

Linux bf355b8d2c30a289232042cacc1cfaea4923936c < 3b348c9c8d2ca2c67559ffd0e258ae7e1107d4f0

Linux bf355b8d2c30a289232042cacc1cfaea4923936c < 86b6d34717fe0570afce07ee79b8eeb40341f831

Linux bf355b8d2c30a289232042cacc1cfaea4923936c < 3ddd55cf19ed6cc62def5e3af10c2a9df1b861c3


Timeline

  • Vulnerability published

  • Vulnerability Reserved
