Linux Kernel Vulnerability in XFRM SPI Management
CVE-2025-39965

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 13 October 2025

What is CVE-2025-39965?

A vulnerability exists in the xfrm subsystem of the Linux kernel, where the SPI (Security Parameter Index) is incorrectly managed. The issue arises when a state is assigned an SPI value of 0, which signifies 'no SPI assigned'. Due to a previous commit, states created with this value inadvertently remain in the byspi list. The __xfrm_state_delete function does not remove these states from that list, so a later traversal of the byspi list can reach a state that has already been freed, a use-after-free condition. This flaw may allow an attacker to exploit memory that has already been freed, resulting in undefined behavior or system compromise.
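The list invariant behind this description, as an added example: a simplified user-space C model, not kernel code and not part of the original advisory. All names are hypothetical, and the delete-side SPI check and the `reject_zero` guard are assumptions of the model; nothing is freed, so the model only counts list entries that outlive their deletion.

```c
#include <stddef.h>

/* Simplified model; hypothetical names, not the kernel's structures. */
struct state {
    unsigned int spi;          /* 0 means "no SPI assigned" */
    struct state *next_byspi;  /* link in the by-SPI list */
};

static struct state *byspi_head;  /* one bucket standing in for the byspi hash */

/* Allocation: record the SPI and link the state into the by-SPI list.
 * reject_zero == 0 models the flawed behaviour (0 is accepted and linked);
 * reject_zero != 0 refuses the reserved value before linking (assumed guard). */
static int model_alloc_spi(struct state *x, unsigned int newspi, int reject_zero)
{
    if (reject_zero && newspi == 0)
        return -1;
    x->spi = newspi;
    x->next_byspi = byspi_head;
    byspi_head = x;
    return 0;
}

/* Deletion: unlink from the by-SPI list only when an SPI is assigned,
 * because a state with spi == 0 is not expected to be on that list. */
static void model_state_delete(struct state *x)
{
    if (x->spi) {
        struct state **pp = &byspi_head;
        while (*pp && *pp != x)
            pp = &(*pp)->next_byspi;
        if (*pp)
            *pp = x->next_byspi;
    }
    /* The kernel would release x here; the model keeps it alive on purpose. */
}

/* Create and delete two states (SPI 0 and SPI 0x100), then count the
 * entries still reachable from the list: each one is a deleted state. */
static int model_stale_entries(int reject_zero)
{
    struct state a = {0}, b = {0};
    int stale = 0;

    byspi_head = NULL;
    if (model_alloc_spi(&a, 0, reject_zero) == 0)
        model_state_delete(&a);
    if (model_alloc_spi(&b, 0x100, reject_zero) == 0)
        model_state_delete(&b);
    for (struct state *p = byspi_head; p; p = p->next_byspi)
        stale++;
    return stale;
}
```
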

Affected Version(s)

Linux 3d8090bb53424432fa788fe9a49e8ceca74f0544 < 0baf92d0b1590b903c1f4ead75e61715e50e8146

Linux 2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38 < 9fcedabaae0096f712bbb4ccca6a8538af1cd1c8

Linux 29e9158f91f99057dbd35db5e8674d93b38549fe
