Linux Kernel Vulnerability in AX.25 Protocol Affects Multiple Vendors
CVE-2025-39848
What is CVE-2025-39848?
A vulnerability has been identified in the Linux kernel's AX.25 protocol code: the function ax25_kiss_rcv() fails to unshare socket buffers (skbs) correctly. This oversight can lead to crashes when skb->dev becomes NULL, following a regression caused by a previous commit. Such conditions can also result in other undefined behavior and system instability. The issue is similar to a past vulnerability that was resolved by ensuring proper skb management in related networking protocols.
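The shared-buffer hazard described above, as an added userspace model in C (not kernel code and not from the original page): struct buf, buf_share_check() and the other names are hypothetical stand-ins for sk_buff and the kernel's skb_share_check() helper, and the device name and byte value are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: struct buf is a hypothetical stand-in for sk_buff. */
struct buf {
    int users;              /* reference count, like skb->users */
    const char *dev;        /* receiving device, like skb->dev */
    unsigned char data[4];  /* packet bytes */
};

static struct buf *buf_get(struct buf *b) { b->users++; return b; }
static void buf_put(struct buf *b) { if (--b->users == 0) free(b); }

/* If b has other holders, drop our reference and return a private copy. */
static struct buf *buf_share_check(struct buf *b)
{
    if (b->users == 1) return b;
    struct buf *copy = malloc(sizeof(*copy));
    if (copy) { *copy = *b; copy->users = 1; }
    buf_put(b);
    return copy;            /* NULL on allocation failure: drop the packet */
}

/* Receive handler that rewrites buffer state in place, as an owner may. */
static void consume(struct buf *b) { b->dev = NULL; b->data[0] = 0; }

/* Returns 1 if the other holder's view survives the handler, 0 if not. */
int other_holder_intact(int unshare)
{
    struct buf *orig = calloc(1, sizeof(*orig));
    if (!orig) return -1;
    orig->users = 1; orig->dev = "ax0"; orig->data[0] = 0xC0; /* constructed */
    struct buf *mine = buf_get(orig);   /* same buffer delivered twice */
    if (unshare && !(mine = buf_share_check(mine))) {
        buf_put(orig);
        return -1;
    }
    consume(mine);
    int ok = orig->dev != NULL && orig->data[0] == 0xC0;
    buf_put(mine);
    buf_put(orig);
    return ok;
}

int main(void)
{
    printf("shared: %d, unshared: %d\n", other_holder_intact(0), other_holder_intact(1));
    return 0;
}
```

Without the unshare step, the handler's in-place changes reach the other holder, which then sees a NULL device; with it, the handler works on a private copy.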
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 42b46684e2c78ee052d8c2ee8d9c2089233c9094
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5b079be1b9da49ad88fc304c874d4be7085f7883
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2bd0f67212908243ce88e35bf69fa77155b47b14