CVE-2025-39839

HIGH · EPSS 5.9%
Published Sep 19, 2025 (9mo ago) · Modified Jun 17, 2026 (1w ago)
CVSS 3.1 base score 7.1 (High)

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix OOB read/write in network-coding decode

batadv_nc_skb_decode_packet() trusts coded_len and checks it only against skb->len. The XOR starts at sizeof(struct batadv_unicast_packet), which reduces the available payload headroom, and the source skb length is not verified at all, allowing an out-of-bounds read and a small out-of-bounds write. The fix validates that coded_len fits within the payload area of both the destination and the source sk_buff before XORing.
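The description above boils down to a length check that compared coded_len against the whole buffer rather than against the payload that remains after the unicast header, and only on one of the two buffers. The following is an added, self-contained C model of that check (editor's example, not kernel code and not the batman-adv implementation): `struct buf` stands in for `struct sk_buff`, `struct unicast_hdr` is a simplified, assumed 10-byte stand-in for `struct batadv_unicast_packet`, and the function names are hypothetical. It shows the weak check accepting a coded_len that the XOR loop would run past, and the hardened check rejecting it while still decoding well-formed input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct batadv_unicast_packet (assumed layout,
 * 10 bytes); the XOR region begins right after this header. */
struct unicast_hdr {
    uint8_t packet_type;
    uint8_t version;
    uint8_t ttl;
    uint8_t ttvn;
    uint8_t dest[6];
};

/* Stand-in for the parts of struct sk_buff the check needs. */
struct buf {
    uint8_t *data;
    size_t   len;
};

/* Weak check, mirroring the behaviour the CVE text describes: coded_len is
 * compared only against the destination's total length, the header offset is
 * ignored, and the source buffer is not examined at all. */
static bool decode_check_weak(const struct buf *dst, const struct buf *src, size_t coded_len)
{
    (void)src;
    return coded_len <= dst->len;
}

/* Hardened check: both buffers must carry the header, and coded_len must fit
 * in the payload area (length minus header) of each of them. */
static bool decode_check_fixed(const struct buf *dst, const struct buf *src, size_t coded_len)
{
    const size_t hdr = sizeof(struct unicast_hdr);
    if (dst->len < hdr || src->len < hdr)
        return false;
    return coded_len <= dst->len - hdr && coded_len <= src->len - hdr;
}

/* XOR-decodes dst in place from src, but only after the supplied check passes.
 * Returns 0 on success, -1 if the packet is rejected. */
static int nc_decode(struct buf *dst, const struct buf *src, size_t coded_len,
                     bool (*check)(const struct buf *, const struct buf *, size_t))
{
    const size_t hdr = sizeof(struct unicast_hdr);
    if (!check(dst, src, coded_len))
        return -1;
    for (size_t i = 0; i < coded_len; i++)
        dst->data[hdr + i] ^= src->data[hdr + i];
    return 0;
}

/* Constructed scenario: 40-byte destination, 20-byte source, coded_len 40.
 * Only 30 and 10 payload bytes exist, so the XOR would run past both. */
static void oversized_case(struct buf *dst, struct buf *src, uint8_t *d, uint8_t *s)
{
    dst->data = d; dst->len = 40;
    src->data = s; src->len = 20;
}

bool weak_accepts_oversized(void)
{
    uint8_t d[40] = {0}, s[20] = {0};
    struct buf dst, src;
    oversized_case(&dst, &src, d, s);
    return decode_check_weak(&dst, &src, 40);   /* 40 <= 40: wrongly accepted */
}

bool fixed_rejects_oversized(void)
{
    uint8_t d[40] = {0}, s[20] = {0};
    struct buf dst, src;
    oversized_case(&dst, &src, d, s);
    return nc_decode(&dst, &src, 40, decode_check_fixed) == -1;
}

/* Well-formed input: 16-byte buffers, 4 coded bytes of 0x0F ^ 0xF0 = 0xFF,
 * and bytes beyond coded_len must stay untouched. */
bool fixed_decodes_valid_input(void)
{
    const size_t hdr = sizeof(struct unicast_hdr);
    uint8_t d[16] = {0}, s[16] = {0};
    struct buf dst = { d, sizeof d }, src = { s, sizeof s };
    for (size_t i = 0; i < 4; i++) { d[hdr + i] = 0x0F; s[hdr + i] = 0xF0; }
    if (nc_decode(&dst, &src, 4, decode_check_fixed) != 0)
        return false;
    for (size_t i = 0; i < 4; i++)
        if (d[hdr + i] != 0xFF)
            return false;
    return d[hdr + 4] == 0 && d[15] == 0;
}

int main(void)
{
    printf("weak check accepts oversized coded_len: %s\n", weak_accepts_oversized() ? "yes" : "no");
    printf("fixed check rejects oversized coded_len: %s\n", fixed_rejects_oversized() ? "yes" : "no");
    printf("fixed check decodes valid input: %s\n", fixed_decodes_valid_input() ? "yes" : "no");
    return 0;
}
```

The point the model makes is the one in the fix: the bound that matters is the payload remaining after the header, not skb->len, and it has to hold for the source as well as the destination, since the XOR reads one and writes the other over the same range.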

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 12

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.10  –  <5.4.299
linux    linux_kernel   *         ≥5.5   –  <5.10.243
linux    linux_kernel   *         ≥5.11  –  <5.15.192
linux    linux_kernel   *         ≥5.16  –  <6.1.151
linux    linux_kernel   *         ≥6.2   –  <6.6.105
linux    linux_kernel   *         ≥6.7   –  <6.12.46
linux    linux_kernel   *         ≥6.13  –  <6.16.6
linux    linux_kernel   6.17      any
debian   debian_linux   11.0      any

References 12

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-089022.html
  • git.kernel.org https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a
    Patch