IPv6 Checksum Offload Issue in Linux Kernel Affects Network Performance
CVE-2025-39770

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39770?

A vulnerability in the Linux kernel's handling of IPv6 packets has been identified, specifically concerning Generic Segmentation Offload (GSO) with extension headers. When the kernel processes IPv6 packets featuring extensions, it erroneously permits checksum offloading on devices that only advertise the NETIF_F_IPV6_CSUM capability. This oversight leads to a significant compatibility issue, causing warnings in the kernel log and potentially disrupting network throughput. The correct protocol requires that the GSO logic prohibits checksum offloading for packets with such extensions, helping to maintain network stability and performance.

Affected Version(s)

Linux a84978a9cda68f0afe3f01d476c68db21526baf1

Linux c69bc67c1cb211aa390bea6e512bb01b1241fefb < 2156d9e9f2e483c8c3906c0ea57ea312c1424235

Linux 04c20a9356f283da623903e81e7c6d5df7e4dc3c < 041e2f945f82fdbd6fff577b79c33469430297aa

References

https://git.kernel.org/stable/c/a0478d7e888028f85fa7785ea...

https://git.kernel.org/stable/c/2156d9e9f2e483c8c3906c0ea...

https://git.kernel.org/stable/c/041e2f945f82fdbd6fff577b7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025