Linux Kernel Vulnerability in TLS Stream Handling
CVE-2025-39946

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39946?

A vulnerability has been identified within the Linux kernel that affects TLS stream handling. When a socket has an insufficient buffer, the kernel may incorrectly process record headers. This flaw can lead to situations where invalid records are processed, risking an overflow of allocated socket buffer space. The vulnerability arises from the handling of small out-of-band (OOB) sends, which can be exploited to manipulate the order and timing of packet deliveries, leading to potential system instability. Developers should ensure that the system properly aborts connections upon detecting invalid records to mitigate this risk.

Affected Version(s)

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 4cefe5be73886f383639fe0850bb72d5b568a7b9

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 208640e6225cc929a05adbf79d1df558add3e231

References

https://git.kernel.org/stable/c/b36462146d86b1f22e594fe4d...

https://git.kernel.org/stable/c/4cefe5be73886f383639fe085...

https://git.kernel.org/stable/c/208640e6225cc929a05adbf79...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON