Kernel Vulnerability in Linux Network Stack Affects HSR Frame Handling
CVE-2025-39703
What is CVE-2025-39703?
A vulnerability in the Linux kernel's network stack allows malformed HSR frames to crash the system. When the kernel receives a corrupt HSR frame whose socket buffer (skb) lacks the space needed for the required headers, the skb_push operation triggers a kernel panic. The root cause is that the HSR layer queues these corrupted frames instead of rejecting them, so the failure occurs later, when the kernel tries to process them. An attacker who can send carefully crafted network packets may be able to exploit this flaw to cause a denial of service.
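The two checks this description implies, shown as an added userspace model in C: reject a frame too short to hold its headers before it is queued, and verify headroom before pushing a header. This is not the kernel's code or the upstream patch; `model_buf`, `model_init`, `model_push_checked` and `hsr_frame_len_ok` are hypothetical names, and the constants are the standard Ethernet header length, HSR tag length and HSR EtherType.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN  14      /* Ethernet header length */
#define HSR_HLEN  6       /* HSR tag length */
#define ETH_P_HSR 0x892F  /* HSR EtherType */

/* Hypothetical stand-in for an skb: data must never move below head. */
struct model_buf {
    uint8_t  store[64];
    uint8_t *head;  /* start of the allocation */
    uint8_t *data;  /* start of the current payload */
    size_t   len;   /* payload length */
};

/* Place a frame after `headroom` spare bytes; -1 if it does not fit. */
int model_init(struct model_buf *b, size_t headroom,
               const uint8_t *frame, size_t len)
{
    if (headroom > sizeof b->store || len > sizeof b->store - headroom)
        return -1;
    b->head = b->store;
    b->data = b->store + headroom;
    b->len  = len;
    memcpy(b->data, frame, len);
    return 0;
}

/* Checked push: returns NULL where an unchecked push would underrun. */
uint8_t *model_push_checked(struct model_buf *b, size_t n)
{
    if ((size_t)(b->data - b->head) < n)
        return NULL;            /* not enough headroom: refuse */
    b->data -= n;
    b->len  += n;
    return b->data;
}

/* Receive-side check: an HSR-typed frame must hold header plus tag. */
int hsr_frame_len_ok(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN)
        return 0;               /* cannot even read the EtherType */
    uint16_t proto = (uint16_t)((frame[12] << 8) | frame[13]);
    if (proto == ETH_P_HSR && len < ETH_HLEN + HSR_HLEN)
        return 0;               /* HSR tag would be truncated */
    return 1;
}
```

In the model, a frame that fails `hsr_frame_len_ok` is dropped at receive time, so the later push never sees it; `model_push_checked` is the second line of defence for any path that skips that check.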
Affected Version(s)
Linux f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 < 8d9bc4a375a1ba05f7dfa0407de8e510ab9bd14d
Linux 48b491a5cc74333c4a6a82fe21cea42c055a3b0b < 3ae272ab523dd6bdc26e879027ed79feac9dd1b3
Linux 48b491a5cc74333c4a6a82fe21cea42c055a3b0b