CVE-2025-39962

HIGH

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet. Also use sizeof() on the struct we're extracting rather specifying the size numerically to be consistent with the other related statements.

References (2)

[Patch] https://git.kernel.org/stable/c/2429a197648178cd4dc930a9d87c13c547460564

[Patch] https://git.kernel.org/stable/c/71571e187106631a8127f2dde780f35caa358d33

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (8)

linux/linux_kernel < 6.16.9

linux/linux_kernel

linux/Kernel < 6.16.9linux

Timeline

Published Oct 09, 2025

Tracked Since Feb 18, 2026