CVE-2025-39898 — Heap-based Buffer Overflow in Kernel

CWE-122 — Heap-based Buffer Overflow6 documents5 sources

Severity

9.8CRITICAL

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0 Msrc Azl3 Kernel 6.6.96.2-2 ON Azure Linux 3.0

Timeline

PublishedOct 1

Latest updateOct 14

Description

e1000e: fix heap overflow in e1000_set_eeprom In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom Fix a possible heap overflow in e1000_set_eeprom function by adding input validation for the requested length of the change in the EEPROM. In addition, change the variable type from int to size_t for better code practices and rearrange declarations to RCT.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.24 — 5.4.299+6

▶Debianlinux/linux_kernel< 5.10.244-1+3

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.104.2-4_on_azure_linux_3.0

🔴Vulnerability Details

OSV

e1000e: fix heap overflow in e1000_set_eeprom↗2025-10-01

▶

GHSA

GHSA-46jx-rccq-85v5: In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom Fix a possible heap overflow in e1↗2025-10-01

▶

OSV

CVE-2025-39898: In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom Fix a possible heap overflow in e100↗2025-10-01

▶

📋Vendor Advisories

Microsoft

e1000e: fix heap overflow in e1000_set_eeprom↗2025-10-14

▶

Red Hat

kernel: e1000e: fix heap overflow in e1000_set_eeprom↗2025-10-01

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws↗2025-10-14

▶