Out-of-Bounds Read/Write Vulnerability in Linux Kernel Affecting batman-adv
CVE-2025-39839
What is CVE-2025-39839?
A vulnerability has been identified in the Linux kernel's batman-adv component, specifically within the network coding decode process. The function batadv_nc_skb_decode_packet() is susceptible to an out-of-bounds read and a small out-of-bounds write due to improper validation of the 'coded_len' parameter. This vulnerability occurs as the function only checks 'coded_len' against 'skb->len', ignoring essential checks on the source skb length. As a result, if 'coded_len' exceeds the appropriate boundaries, it may lead to potential memory corruption. The issue has been addressed by implementing tighter validation to ensure that 'coded_len' is within the acceptable range of both destination and source sk_buffs.
Affected Version(s)
Linux 2df5278b0267c799f3e877e8eeddbb6e93cda0bb < 30fc47248f02b8a14a61df469e1da4704be1a19f
Linux 2df5278b0267c799f3e877e8eeddbb6e93cda0bb < 1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
Linux 2df5278b0267c799f3e877e8eeddbb6e93cda0bb < 5d334bce9fad58cf328d8fa14ea1fff855819863