Kernel Vulnerability in Linux SCTP Network Stack
CVE-2025-39812
What is CVE-2025-39812?
A vulnerability exists in the Linux kernel's SCTP (Stream Control Transmission Protocol) network stack: the function sctp_v6_from_sk() did not properly initialize certain fields, including sin6_scope_id. This oversight could lead to undefined behavior, potentially allowing local attackers to exploit the vulnerability. The issue has been addressed by initializing the affected fields, which improves the stability and security of the SCTP implementation within the kernel.
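The bug class described above, as an added userspace illustration (not the kernel's code or the upstream patch): a fill function that leaves fields unwritten, its corrected form, and a poison test that reports which fields still hold stale bytes. The names `model_sock`, `from_sk_partial`, `from_sk_full` and `stale_fields` are hypothetical, and treating `sin6_flowinfo` as a second unwritten field is an assumption; the page names only `sin6_scope_id`.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <netinet/in.h>

/* Hypothetical stand-in for the socket state the address is copied from. */
struct model_sock { struct in6_addr rcv_saddr; };

typedef void (*fill_fn)(struct sockaddr_in6 *, const struct model_sock *);

/* Flawed pattern: some fields are never written, so they keep whatever
 * bytes the caller's buffer already held. */
void from_sk_partial(struct sockaddr_in6 *a, const struct model_sock *sk)
{
    a->sin6_family = AF_INET6;
    a->sin6_port = 0;
    a->sin6_addr = sk->rcv_saddr;
}

/* Corrected pattern: every field is given a defined value. */
void from_sk_full(struct sockaddr_in6 *a, const struct model_sock *sk)
{
    a->sin6_family = AF_INET6;
    a->sin6_port = 0;
    a->sin6_flowinfo = 0;   /* assumed second field, not named on the page */
    a->sin6_addr = sk->rcv_saddr;
    a->sin6_scope_id = 0;
}

/* Poison the destination, run the fill function, then count the fields that
 * still carry the poison. The buffer is written first, so reads are defined. */
int stale_fields(fill_fn fill)
{
    struct model_sock sk;
    struct sockaddr_in6 a;
    int stale = 0;

    memset(&sk, 0, sizeof sk);
    sk.rcv_saddr.s6_addr[15] = 1;          /* constructed sample address ::1 */
    memset(&a, 0xA5, sizeof a);            /* poison pattern */
    fill(&a, &sk);
    if (a.sin6_scope_id == 0xA5A5A5A5u) stale++;
    if (a.sin6_flowinfo == 0xA5A5A5A5u) stale++;
    return stale;
}

int main(void)
{
    printf("partial: %d stale field(s)\n", stale_fields(from_sk_partial));
    printf("full:    %d stale field(s)\n", stale_fields(from_sk_full));
    return 0;
}
```

The same poison-then-check approach works as a regression test for any function that fills a caller-supplied address structure field by field.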
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 45e4b36593edffb7bbee5828ae820bc10a9fa0f3
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9546934c2054bba1bd605c44e936619159a34027
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 17d6c7747045e9b802c2f5dfaba260d309d831ae