Linux Kernel Vulnerability in TLS Stream Handling
CVE-2025-39946
What is CVE-2025-39946?
A vulnerability has been identified within the Linux kernel that affects TLS stream handling. When a socket has an insufficient buffer, the kernel may incorrectly process record headers. This flaw can lead to situations where invalid records are processed, risking an overflow of allocated socket buffer space. The vulnerability arises from the handling of small out-of-band (OOB) sends, which can be exploited to manipulate the order and timing of packet deliveries, leading to potential system instability. Developers should ensure that the system properly aborts connections upon detecting invalid records to mitigate this risk.
Affected Version(s)
Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 4cefe5be73886f383639fe0850bb72d5b568a7b9
Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 208640e6225cc929a05adbf79d1df558add3e231