TCP Vulnerability in Linux Kernel Affecting Socket Management
CVE-2025-39913
What is CVE-2025-39913?
A vulnerability exists in the Linux kernel's TCP BPF implementation, where a failure to allocate memory for the 'psock->cork' structure during data transmission can lead to improper handling of socket messages. The issue arises when data passed to a program attached to a SOCKMAP is smaller than the specified number of bytes and the attempt to handle it fails silently due to error conditions. When this occurs, state changes already made to socket buffer allocations are not reverted, potentially resulting in inconsistent behavior or crashes. The vulnerability was highlighted through syzbot findings, prompting a need for improved error-handling routines to ensure robust socket management.
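The error path described above, as an added userspace model (not kernel code and not part of the original advisory). All struct and function names are hypothetical, the allocation failure is injected by a flag, and `hardened` stands for reverting the charge when the cork allocation fails.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model only: names below are hypothetical, not kernel symbols. */
struct model_sock {
    long charged;       /* bytes accounted to the socket for pending data */
    void *cork;         /* buffer that parks data until cork_bytes arrive */
    size_t cork_len;    /* charged bytes currently owned by the cork */
    size_t cork_bytes;  /* threshold the attached program asked for */
};

/* Send path: charge first, then park short data in the cork or transmit. */
static int model_sendmsg(struct model_sock *sk, size_t copied,
                         bool inject_failure, bool hardened)
{
    sk->charged += (long)copied;              /* state change made up front */
    if (copied < sk->cork_bytes) {
        if (!sk->cork)
            sk->cork = inject_failure ? NULL : calloc(1, sk->cork_bytes);
        if (!sk->cork) {
            if (hardened)
                sk->charged -= (long)copied;  /* drop message, revert charge */
            return -ENOMEM;                   /* silent: only an error code */
        }
        sk->cork_len += copied;               /* cork now owns these bytes */
        return 0;
    }
    sk->charged -= (long)copied;              /* transmitted, charge released */
    return 0;
}

/* Teardown: release what the cork owns; leftover charge is the bug. */
static bool model_destruct_is_clean(struct model_sock *sk)
{
    sk->charged -= (long)sk->cork_len;
    free(sk->cork);
    sk->cork = NULL;
    sk->cork_len = 0;
    return sk->charged == 0;
}

int main(void)
{
    struct model_sock v = { .cork_bytes = 64 }, h = { .cork_bytes = 64 };
    model_sendmsg(&v, 16, true, false);
    model_sendmsg(&h, 16, true, true);
    /* exit 0 when the unhardened path leaks and the hardened one does not */
    return (!model_destruct_is_clean(&v) && model_destruct_is_clean(&h)) ? 0 : 1;
}
```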
Affected Version(s)
Linux 4f738adba30a7cfc006f605707e7aee847ffefa0 < 9c2a6456bdf9794474460d885c359b6c4522d6e3
Linux 4f738adba30a7cfc006f605707e7aee847ffefa0 < 66bcb04a441fbf15d66834b7e3eefb313dd750c8
Linux 4f738adba30a7cfc006f605707e7aee847ffefa0 < 539920180c55f5e13a2488a2339f94e6b8cb69e0