Vulnerability in Linux Kernel's RXRPC Feature Due to Incorrect Subtraction
CVE-2025-39962

Currently unrated

Key Information:

Vendor: Linux

Status: Vendor

CVE Published: 9 October 2025

What is CVE-2025-39962?

A vulnerability exists in the Linux kernel's RXRPC implementation: while decoding response packets, the ticket-decoding function performs an unsigned subtraction on an untrusted length. Because the ticket length is not adequately checked beforehand, the subtraction can underflow, potentially allowing a denial-of-service scenario or other unexpected behavior. The fix addresses this by validating the length before it is used and keeping the struct handling consistent, mitigating the risk associated with this flaw.
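The bug class described above, as an added illustration that is not the kernel's RXRPC code: a decoder subtracts an attacker-supplied ticket length from the remaining packet size using unsigned arithmetic. The packet layout, struct and function names here (a 4-byte big-endian length, `decode_ticket_unchecked`, `decode_ticket_checked`) are constructed for the example and are not the real wire format or the kernel's identifiers. The unchecked variant shows how the subtraction wraps on a malformed packet; the checked variant rejects the packet before doing any arithmetic with the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed packet layout for this illustration (not the real RXRPC wire
 * format): a 4-byte big-endian ticket length, the ticket bytes, then a
 * trailer occupying whatever is left of the packet. */
struct decoded_ticket {
    const uint8_t *ticket;
    size_t ticket_len;
    size_t trailer_len;   /* bytes remaining after the ticket */
};

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the attacker-controlled ticket length is subtracted
 * from the remaining packet size before anyone checks that it fits.
 * size_t is unsigned, so len - 4 - ticket_len wraps to a huge value instead
 * of going negative, and any later copy bounded by trailer_len would read
 * far past the packet. Returns 0 if the packet was "accepted". */
static int decode_ticket_unchecked(const uint8_t *pkt, size_t len,
                                   struct decoded_ticket *out)
{
    if (len < 4)
        return -1;
    size_t ticket_len = get_be32(pkt);
    out->ticket = pkt + 4;
    out->ticket_len = ticket_len;
    out->trailer_len = len - 4 - ticket_len;   /* BUG: wraps if ticket_len > len - 4 */
    return 0;
}

/* Hardened pattern: bound the untrusted length against the bytes actually
 * present before using it in any arithmetic. */
static int decode_ticket_checked(const uint8_t *pkt, size_t len,
                                 struct decoded_ticket *out)
{
    if (len < 4)
        return -1;
    size_t ticket_len = get_be32(pkt);
    if (ticket_len > len - 4)          /* reject before subtracting */
        return -1;
    out->ticket = pkt + 4;
    out->ticket_len = ticket_len;
    out->trailer_len = len - 4 - ticket_len;   /* cannot wrap now */
    return 0;
}

/* Constructed sample packets: a well-formed one with a 4-byte ticket and a
 * 2-byte trailer, and a malformed one claiming a 0xFFFFFFF0-byte ticket
 * inside a 10-byte packet. */
static const uint8_t good_pkt[] = { 0x00,0x00,0x00,0x04, 'T','I','C','K', 0xAA,0xBB };
static const uint8_t bad_pkt[]  = { 0xFF,0xFF,0xFF,0xF0, 'T','I','C','K', 0xAA,0xBB };

/* True when the unchecked decoder accepted the packet with a trailer length
 * larger than the whole packet, i.e. the subtraction wrapped. */
static bool unchecked_wraps(const uint8_t *pkt, size_t len)
{
    struct decoded_ticket t;
    return decode_ticket_unchecked(pkt, len, &t) == 0 && t.trailer_len > len;
}

int main(void)
{
    struct decoded_ticket t;
    int rc = decode_ticket_checked(good_pkt, sizeof good_pkt, &t);
    printf("good packet, checked decoder: rc=%d trailer_len=%zu\n", rc, t.trailer_len);
    printf("bad packet, unchecked decoder wraps: %s\n",
           unchecked_wraps(bad_pkt, sizeof bad_pkt) ? "yes" : "no");
    rc = decode_ticket_checked(bad_pkt, sizeof bad_pkt, &t);
    printf("bad packet, checked decoder: rc=%d\n", rc);
    return 0;
}
```

The defensive rule the checked variant follows is general: compare an untrusted length against the bytes that are actually available, and only then subtract; a bounds check placed after the subtraction is too late, because the wrapped value already passes any "is there room?" comparison.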

Affected Version(s)

Linux, from commit 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a up to but not including commit 71571e187106631a8127f2dde780f35caa358d33

Linux, from commit 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a up to but not including commit 2429a197648178cd4dc930a9d87c13c547460564

Linux 6.16

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
