CVE-2025-39817

HIGH · CVSS 3.1: 7.1 · EPSS 4.8%
Published Sep 16, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

Observed on kernel 6.6 (present on master as well):

  BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
  Call trace:
   kasan_check_range+0xe8/0x190
   __asan_loadN+0x1c/0x28
   memcmp+0x98/0xd0
   efivarfs_d_compare+0x68/0xd8
   __d_lookup_rcu_op_compare+0x178/0x218
   __d_lookup_rcu+0x1f8/0x228
   d_alloc_parallel+0x150/0x648
   lookup_open.isra.0+0x5f0/0x8d0
   open_last_lookups+0x264/0x828
   path_openat+0x130/0x3f8
   do_filp_open+0x114/0x248
   do_sys_openat2+0x340/0x3c0
   __arm64_sys_openat+0x120/0x1a0

If dentry->d_name.len < EFI_VARIABLE_GUID_LEN, 'guid' can become negative, leading to oob. The issue can be triggered by parallel lookups using invalid filename:

  T1                    T2
  lookup_open
   ->lookup
    simple_lookup
     d_add
     // invalid dentry is added to hash list

                        lookup_open
                         d_alloc_parallel
                          __d_lookup_rcu
                           __d_lookup_rcu_op_compare
                            hlist_bl_for_each_entry_rcu
                            // invalid dentry can be retrieved
                             ->d_compare
                              efivarfs_d_compare
                              // oob

Fix it by checking 'guid' before cmp.
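The length arithmetic described above, as an added userspace model (not the kernel source and not the upstream patch). The function names, the value 36 for EFI_VARIABLE_GUID_LEN, the split into a case-sensitive name part and a case-insensitive GUID part, and the exact `guid <= 0` condition are assumptions made for illustration; the sample names are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define EFI_VARIABLE_GUID_LEN 36 /* assumed: length of a textual GUID */

/* Byte count the name comparison would receive if 'guid' were not checked:
 * a negative int converted to size_t becomes an enormous length. */
size_t unchecked_cmp_len(unsigned int len)
{
    int guid = len - EFI_VARIABLE_GUID_LEN;
    return (size_t)guid;
}

/* Model of the comparison with 'guid' checked before the compare.
 * Returns 0 on match, non-zero otherwise (d_compare convention). */
int model_d_compare(const char *str, unsigned int len,
                    const char *name, unsigned int name_len)
{
    int guid = len - EFI_VARIABLE_GUID_LEN;

    if (name_len != len)
        return 1;
    /* Too short to hold a name plus a GUID: reject before any memcmp. */
    if (guid <= 0)
        return 1;
    /* Variable-name part: case-sensitive. */
    if (memcmp(str, name, (size_t)guid))
        return 1;
    /* GUID part: case-insensitive. */
    return strncasecmp(name + guid, str + guid, EFI_VARIABLE_GUID_LEN) != 0;
}

int main(void)
{
    /* Constructed sample names. */
    const char *ok = "Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c";
    const char *bad = "abc";

    printf("unchecked length for \"%s\": %zu bytes\n", bad,
           unchecked_cmp_len((unsigned int)strlen(bad)));
    printf("valid name vs itself: %d\n",
           model_d_compare(ok, (unsigned int)strlen(ok), ok, (unsigned int)strlen(ok)));
    printf("short name vs itself: %d\n",
           model_d_compare(bad, 3, bad, 3));
    return 0;
}
```

A 3-byte name yields guid = -33, so the unchecked compare length wraps to nearly SIZE_MAX, which is the out-of-bounds read KASAN reports in memcmp.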

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 11

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.8.2 – <5.4.298
linux    linux_kernel   *         ≥5.5 – <5.10.242
linux    linux_kernel   *         ≥5.11 – <5.15.191
linux    linux_kernel   *         ≥5.16 – <6.1.150
linux    linux_kernel   *         ≥6.2 – <6.6.104
linux    linux_kernel   *         ≥6.7 – <6.12.45
linux    linux_kernel   *         ≥6.13 – <6.16.5
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
debian   debian_linux   11.0      any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/568e7761279b99c6daa3002290fd6d8047ddb6d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71581a82f38e5a4d807d71fc1bb59aead80ccf95
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/794399019301944fd6d2e0d7a51b3327e26c410e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/925599eba46045930b850a98ae594d2e3028ac40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6358f8cf64850f3f27857b8ed8c1b08cfc4685c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2925cd6207079c3f4d040d082515db78d63afbf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/568e7761279b99c6daa3002290fd6d8047ddb6d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71581a82f38e5a4d807d71fc1bb59aead80ccf95
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/794399019301944fd6d2e0d7a51b3327e26c410e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/925599eba46045930b850a98ae594d2e3028ac40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6358f8cf64850f3f27857b8ed8c1b08cfc4685c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2925cd6207079c3f4d040d082515db78d63afbf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7
    Patch