CVE-2025-39917: Out-of-bounds Write in Linux

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 98.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 1, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt Stanislav reported that in bpf_crypto_crypt() the destination dynptr's size is not validated to be at least as large as the source dynptr's size before calling into the crypto backend with 'len = src_len'. This can result in an OOB write when the destination is smaller than the source. Concretely, in mentioned function, psrc and pdst are both linear buffers fetched from
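The check the description says was missing is easy to state: before the crypto backend is called with len = src_len, the destination dynptr must be at least src_len bytes long. The following is an added illustration, not the kernel's code and not the upstream patch; struct toy_dynptr, toy_backend_crypt, toy_crypt_vuln and toy_crypt_fixed are hypothetical names. The backend stand-in reports an over-long write as -1 instead of actually corrupting memory, so the vulnerable and hardened shapes can be compared by their return values on constructed 32-byte input.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a linear dynptr: a buffer pointer plus the byte
 * length the BPF runtime has verified for it. Not the kernel's struct. */
struct toy_dynptr {
	uint8_t *data;
	uint32_t size;
};

/* Stand-in for the crypto backend. The real backend trusts 'len' and
 * writes len bytes into dst; here an over-long write is reported as -1
 * instead of being performed, so the overflow becomes observable. */
static int toy_backend_crypt(const uint8_t *src, uint8_t *dst,
			     uint32_t dst_cap, uint32_t len)
{
	if (len > dst_cap)
		return -1;             /* would have been an OOB write */
	memcpy(dst, src, len);         /* identity "cipher" for the demo */
	return (int)len;
}

/* Vulnerable shape: the length handed to the backend comes from the
 * source dynptr only, so a smaller destination is overrun. */
int toy_crypt_vuln(const struct toy_dynptr *psrc, struct toy_dynptr *pdst)
{
	uint32_t len = psrc->size;

	return toy_backend_crypt(psrc->data, pdst->data, pdst->size, len);
}

/* Hardened shape: refuse unless the destination can hold src_len bytes,
 * before the backend ever sees the buffers. */
int toy_crypt_fixed(const struct toy_dynptr *psrc, struct toy_dynptr *pdst)
{
	uint32_t len = psrc->size;

	if (pdst->size < len)
		return -EINVAL;
	return toy_backend_crypt(psrc->data, pdst->data, pdst->size, len);
}

/* Drive either variant with a constructed 32-byte source and a destination
 * whose advertised size is dst_size (physical buffer is 64 bytes, so only
 * the advertised size is shrunk). Returns the variant's result. */
static int run_case(int (*fn)(const struct toy_dynptr *, struct toy_dynptr *),
		    uint32_t dst_size)
{
	uint8_t src_buf[32];
	uint8_t dst_buf[64];
	struct toy_dynptr src = { src_buf, sizeof src_buf };
	struct toy_dynptr dst = { dst_buf, dst_size };

	memset(src_buf, 0xAB, sizeof src_buf);   /* constructed plaintext */
	memset(dst_buf, 0x00, sizeof dst_buf);
	return fn(&src, &dst);
}

int vuln_small_dst(void)  { return run_case(toy_crypt_vuln, 16); }  /* -1: overrun */
int fixed_small_dst(void) { return run_case(toy_crypt_fixed, 16); } /* -EINVAL */
int fixed_equal_dst(void) { return run_case(toy_crypt_fixed, 32); } /* 32 */
int fixed_large_dst(void) { return run_case(toy_crypt_fixed, 64); } /* 32 */
```

The point of the model is where the comparison sits: the backend is handed a single len and has no way to know the destination is shorter, so the caller must compare the two dynptr sizes and fail closed before the call, while a destination larger than the source remains valid.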

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Exploitability: 1.8 | Impact: 5.9)
Local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope; high impact on confidentiality, integrity and availability.

Affected Packages (4 packages)

Source     | Package             | Affected versions
NVD        | linux/linux_kernel  | 6.10 to 6.12.48 (+2 more ranges)
Debian     | linux/linux_kernel  | < 6.12.48-1 (+1 more)
CVEListV5  | linux/linux         | 3e1c6f35409f9e447bf37f64840f5b65576bfb78 to 0126358df12d6f476f79251d9c398ac5c1b3062d (+3 more)
debian     | debian/linux        | < linux 6.16.8-1 (forky)

Patches

Vulnerability Details (2)

GHSA (2025-10-01)
GHSA-8xqx-42cr-fv84: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt Stanislav reported that
OSV (2025-10-01)
CVE-2025-39917: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt Stanislav reported that in

Vendor Advisories (2)

Red Hat (2025-10-01)
kernel: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt
Debian (2025)
CVE-2025-39917: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ou...