CVE-2025-39965
MEDIUM EPSS 7.4%
Published Oct 13, 20258mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Oct 13, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
7.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥6.6.103 – <6.6.109 |
| linux | linux_kernel | * | ≥6.12.43 – <6.12.50 |
| linux | linux_kernel | * | ≥6.15.11 – <6.16 |
| linux | linux_kernel | * | ≥6.16.2 – <6.16.10 |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
References 4
- git.kernel.org https://git.kernel.org/stable/c/0baf92d0b1590b903c1f4ead75e61715e50e8146
- git.kernel.org https://git.kernel.org/stable/c/9fcedabaae0096f712bbb4ccca6a8538af1cd1c8
- git.kernel.org https://git.kernel.org/stable/c/a78e55776522373c446f18d5002a8de4b09e6bf7
- git.kernel.org https://git.kernel.org/stable/c/cd8ae32e4e4652db55bce6b9c79267d8946765a9
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0baf92d0b1590b903c1f4ead75e61715e50e8146
- git.kernel.org https://git.kernel.org/stable/c/9fcedabaae0096f712bbb4ccca6a8538af1cd1c8
- git.kernel.org https://git.kernel.org/stable/c/a78e55776522373c446f18d5002a8de4b09e6bf7
- git.kernel.org https://git.kernel.org/stable/c/cd8ae32e4e4652db55bce6b9c79267d8946765a9