Linux Kernel VXLAN Devices Vulnerable to Improper Proxy Handling by Vendor Linux
CVE-2025-39850

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
19 September 2025

What is CVE-2025-39850?

A vulnerability exists in the Linux kernel's VXLAN devices: when the proxy option is enabled, ARP requests and IPv6 Neighbor Solicitation messages can be handled improperly. If a valid neighbor entry is configured but its MAC address is associated with an incorrect FDB nexthop group, the kernel may erroneously assume the MAC address points to a valid remote destination. This misjudgment can result in a Null Pointer Dereference (NPD) when the system tries to dereference a non-existent remote destination. To mitigate this risk, the code should check that the remote destination exists before dereferencing it.
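
The missing check described above, as an added user-space C model (not the kernel's code and not the upstream patch). The struct layout, function names and sample entries are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* User-space model; all names here are hypothetical, not kernel identifiers. */
struct remote { uint32_t ip; };

struct fdb_entry {
    struct remote *remotes;  /* NULL when the entry is backed by a nexthop group */
    size_t n_remotes;
    uint32_t nhg_id;         /* non-zero: forwarding goes through a nexthop group */
};

/* Returns the first remote destination, or NULL if the entry has none. */
struct remote *first_remote(const struct fdb_entry *f)
{
    return (f && f->n_remotes > 0) ? &f->remotes[0] : NULL;
}

/* Flawed pattern: a found FDB entry is assumed to carry a remote.
 * With a nexthop-group entry, first_remote() is NULL and this dereferences it. */
uint32_t remote_ip_unchecked(const struct fdb_entry *f)
{
    return first_remote(f)->ip;
}

/* Hardened pattern: confirm the remote exists before reading it.
 * Returns 0 and stores the address on success, -1 if there is no remote. */
int remote_ip_checked(const struct fdb_entry *f, uint32_t *ip_out)
{
    struct remote *rdst = first_remote(f);
    if (!rdst)
        return -1;
    *ip_out = rdst->ip;
    return 0;
}

/* Constructed sample entries. */
static struct remote sample_remote = { 0xC0000201u };  /* 192.0.2.1 */
struct fdb_entry fdb_with_remote = { &sample_remote, 1, 0 };
struct fdb_entry fdb_with_nhg    = { NULL, 0, 10 };

int main(void)
{
    uint32_t ip = 0;
    /* Only the checked lookup is exercised; the unchecked one would fault. */
    int a = remote_ip_checked(&fdb_with_remote, &ip);
    int b = remote_ip_checked(&fdb_with_nhg, &ip);
    return (a == 0 && b == -1) ? 0 : 1;
}
```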

Affected Version(s)

Linux 1274e1cc42264d4e629841e4f182795cb0becfd2

Linux 1274e1cc42264d4e629841e4f182795cb0becfd2 < 8cfa0f076842f9b3b4eb52ae0e41d16e25cbf8fa

Linux 1274e1cc42264d4e629841e4f182795cb0becfd2 < 1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved