CVE-2025-39673

MEDIUM EPSS 1.3%
Published Sep 5, 2025 10mo ago · Modified Jun 17, 2026 2w ago
4.7 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix race conditions in ppp_fill_forward_path

ppp_fill_forward_path() has two race conditions:

1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held. If the only channel is deleted in ppp_disconnect_channel(), list_first_entry() may access an empty head or a freed entry, and trigger a panic.
2. pch->chan can be NULL. When ppp_unregister_channel() is called, pch->chan is set to NULL before pch is removed from ppp->channels.

Fix these by using a lockless RCU approach:

- Use list_first_or_null_rcu() to safely test and access the first list entry.
- Convert list modifications on ppp->channels to their RCU variants and add synchronize_net() after removal.
- Check for a NULL pch->chan before dereferencing it.
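The two lookup shapes named in the description, as an added userspace model (not kernel code and not taken from the patch). The struct layouts, the `writer` hook and `lookup_is_bogus()` are assumptions; the hook replays the channel removal inside the window so the result is deterministic instead of timing-dependent.

```c
#include <stddef.h>

/* Userspace model only: no real RCU, names and layouts are assumptions. */
struct list_head { struct list_head *next, *prev; };
struct channel   { void *chan; struct list_head clist; };    /* models pch */
struct ppp_model { void *dev;  struct list_head channels; }; /* models ppp */

#define ENTRY(p) ((struct channel *)((char *)(p) - offsetof(struct channel, clist)))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
/* Like list_del_rcu(): unlink, but leave n->next usable by readers. */
static void unlink_entry(void *n_) {
    struct list_head *n = n_;
    n->prev->next = n->next; n->next->prev = n->prev;
}

/* Pre-fix shape: list_empty() and list_first_entry() each read head->next.
 * 'writer' is a hook that replays a concurrent removal inside the window. */
static struct channel *first_check_then_read(struct list_head *h,
                                             void (*writer)(void *), void *arg) {
    if (h->next == h) return NULL;
    if (writer) writer(arg);
    return ENTRY(h->next);          /* head itself if the list just emptied */
}

/* Post-fix shape, as list_first_or_null_rcu(): one read, then compare. */
static struct channel *first_or_null(struct list_head *h,
                                     void (*writer)(void *), void *arg) {
    struct list_head *n = h->next;  /* READ_ONCE() in the kernel */
    if (writer) writer(arg);
    return n != h ? ENTRY(n) : NULL;
}

/* Second race: an entry can still be listed after pch->chan was cleared. */
static int chan_usable(const struct channel *pch) { return pch && pch->chan; }

/* Returns 1 when the lookup result is the ppp struct mistaken for a channel. */
static int lookup_is_bogus(int use_fixed) {
    struct ppp_model ppp = {0};
    struct channel ch = {0}, *got;
    list_init(&ppp.channels);
    list_add(&ch.clist, &ppp.channels);
    got = use_fixed ? first_or_null(&ppp.channels, unlink_entry, &ch.clist)
                    : first_check_then_read(&ppp.channels, unlink_entry, &ch.clist);
    return (void *)got == (void *)&ppp;
}
int main(void) { return !(lookup_is_bogus(0) && !lookup_is_bogus(1) && !chan_usable(NULL)); }
```

In the single-read version the caller may still receive an entry that was unlinked a moment later; in the kernel that entry stays valid because removal is followed by synchronize_net(), and the model does not reproduce that grace period.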

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.13 – <5.15.190
linux   linux_kernel  *        ≥5.16 – <6.1.149
linux   linux_kernel  *        ≥6.2 – <6.6.103
linux   linux_kernel  *        ≥6.7 – <6.12.44
linux   linux_kernel  *        ≥6.13 – <6.16.4
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
debian  debian_linux  11.0     any

References 8

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/0417adf367a0af11adf7ace849af4638cfb573f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f1630be6fcca3f0c63e4b242ad202e5cde28a40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94731cc551e29511d85aa8dec61a6c071b1f2430
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a1969fbffc1f1900d92d7594b1b7d8d72ef3dc7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca18d751bcc9faf5b7e82e9fae1223d103928181
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f97f6475fdcb3c28ff3c55cc4b7bde632119ec08
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0417adf367a0af11adf7ace849af4638cfb573f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f1630be6fcca3f0c63e4b242ad202e5cde28a40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94731cc551e29511d85aa8dec61a6c071b1f2430
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a1969fbffc1f1900d92d7594b1b7d8d72ef3dc7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca18d751bcc9faf5b7e82e9fae1223d103928181
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f97f6475fdcb3c28ff3c55cc4b7bde632119ec08
    Patch