Kernel vulnerability affecting Linux ATM subsystem by Linux Foundation
CVE-2025-39828

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2025-39828?

A vulnerability in the Linux kernel's ATM subsystem allows arbitrary writes because message lengths are not sufficiently validated during certain send operations. The flaw can be exploited when the atmtcp_recv_control() function is called, permitting unauthorized modification of kernel pointers. Because the missing checks let user-space manipulation corrupt memory, the issue can lead to system instability and compromise system integrity. Developers are encouraged to apply the patch to avoid exploitation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0a6a6d4fb333f7afe22e59ffed18511a7a98efc8

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 62f368472b0aa4b5d91d9b983152855c6b6d8925
