Duplicate SPI Handling Vulnerability Affects Linux Kernel
CVE-2025-39797

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 September 2025

What is CVE-2025-39797?

A vulnerability in the Linux kernel can lead to duplicate Security Parameter Index (SPI) assignments for inbound Security Associations (SAs) when strongSwan sends an XFRM_MSG_ALLOCSPI Netlink message. The kernel function xfrm_alloc_spi() does not ensure that the SPI it hands out is unique, so multiple SAs can end up sharing one SPI, distinguished only by their destination addresses. An SPI lookup for an inbound packet may then return an arbitrary one of those SAs, and the resulting inconsistency increases the risk of packet drops. The issue can be reproduced by configuring a limited SPI range, which exhausts the pool and triggers the duplicate assignment. The proposed change is a global search across all states that matches on SPI and protocol, so that an SPI already in use is detected.
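To check a host for the condition described above, the following added example (not code from the advisory or the kernel project) scans `ip xfrm state` output for inbound SAs that share a protocol and SPI. The sample text is constructed, and the function names and the set of local addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `ip xfrm state` (not real data).
SAMPLE = """\
src 203.0.113.10 dst 192.0.2.1
    proto esp spi 0x10000001 reqid 1 mode tunnel
    replay-window 0 flag af-unspec
src 203.0.113.20 dst 192.0.2.2
    proto esp spi 0x10000001 reqid 2 mode tunnel
    replay-window 0 flag af-unspec
src 192.0.2.1 dst 203.0.113.10
    proto esp spi 0x10000001 reqid 1 mode tunnel
src 203.0.113.30 dst 192.0.2.3
    proto esp spi 0x10000002 reqid 3 mode tunnel
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")
IDENT = re.compile(r"^\s+proto (\S+) spi (0x[0-9a-fA-F]+)")

def parse_states(text):
    """Yield (src, dst, proto, spi) for every SA in `ip xfrm state` output."""
    src = dst = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            src, dst = m.groups()
            continue
        m = IDENT.match(line)
        if m and dst is not None:
            yield src, dst, m.group(1), int(m.group(2), 16)
            src = dst = None  # ignore the remaining detail lines of this SA

def duplicate_inbound_spis(text, local_addrs):
    """Return {(proto, spi): [dst, ...]} for inbound SAs that share an SPI."""
    by_ident = defaultdict(list)
    for _src, dst, proto, spi in parse_states(text):
        # Inbound SA: the destination is this host. Outbound SPIs are chosen
        # by the peer and may legitimately repeat, so they are skipped.
        if dst in local_addrs:
            by_ident[(proto, spi)].append(dst)
    return {k: sorted(v) for k, v in by_ident.items() if len(v) > 1}

if __name__ == "__main__":
    local = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}  # assumed local addresses
    for (proto, spi), dsts in duplicate_inbound_spis(SAMPLE, local).items():
        print(f"duplicate inbound {proto} SPI {spi:#010x}: dst {', '.join(dsts)}")
```

On a live system, pass the real command output and the host's own tunnel endpoint addresses instead of the sample values.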

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3d8090bb53424432fa788fe9a49e8ceca74f0544

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
