Linux Kernel Vulnerability in Netlink Binding Mechanism
CVE-2025-39926

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-39926?

In the Linux kernel, a vulnerability in the netlink binding mechanism arose due to inadequate capability checks. Specifically, the genl_bind() function allowed bind() callbacks to be executed even when the necessary permissions were denied, indicated by a return value of -EPERM. This flaw could enable unauthorized users to inadvertently trigger callbacks intended for legitimate callers, leading to potential security breaches. The issue has been rectified by ensuring that bind() is only invoked after successful permission verification, thus safeguarding the kernel from such unauthorized access.
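The ordering problem described above, shown as an added example: a simplified userspace model, not the kernel's own code. The struct, the function names and the boolean privilege flag are hypothetical stand-ins for the real capability check and bind() callback.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model; all names here are hypothetical. */
struct family {
    bool admin_only;   /* the group requires a privileged caller */
    int  bind_calls;   /* how many times the bind() callback ran */
};

/* Stand-in for a family's bind() callback: records that it was invoked. */
static void family_bind(struct family *f) { f->bind_calls++; }

/* Stand-in for the capability check: 0 if allowed, -EPERM if denied. */
static int check_perm(const struct family *f, bool caller_privileged)
{
    return (f->admin_only && !caller_privileged) ? -EPERM : 0;
}

/* Pre-fix ordering: the result of the check is recorded, but the
 * callback still runs. The caller sees -EPERM, so the failure looks
 * clean from outside even though the side effect already happened. */
static int bind_before_fix(struct family *f, bool caller_privileged)
{
    int ret = check_perm(f, caller_privileged);
    family_bind(f);
    return ret;
}

/* Post-fix ordering: bail out on a failed check, so the callback is
 * only invoked after successful permission verification. */
static int bind_after_fix(struct family *f, bool caller_privileged)
{
    int ret = check_perm(f, caller_privileged);
    if (ret)
        return ret;
    family_bind(f);
    return 0;
}

int main(void)
{
    struct family a = { .admin_only = true }, b = { .admin_only = true };
    int ra = bind_before_fix(&a, false);   /* unprivileged caller */
    int rb = bind_after_fix(&b, false);    /* unprivileged caller */
    printf("before fix: ret=%d bind_calls=%d\n", ra, a.bind_calls);
    printf("after fix:  ret=%d bind_calls=%d\n", rb, b.bind_calls);
    return 0;
}
```

Both variants return -EPERM to the unprivileged caller; only the callback count differs, which is why a regression test for this class of bug has to assert on the side effect and not just the return value.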

Affected Version(s)

Linux 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 98c9d884047a3051c203708914a874dece3cbe54

Linux 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 8858c1e9405906c09589d7c336f04058ea198207

Linux 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 1dbfb0363224f6da56f6655d596dc5097308d6f5
