CVE-2025-39926 — Incorrect Privilege Assignment in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 97.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 1
Description
In the Linux kernel, the following vulnerability has been resolved:
genetlink: fix genl_bind() invoking bind() after -EPERM
Per family bind/unbind callbacks were introduced to allow families
to track multicast group consumer presence, e.g. to start or stop
producing events depending on listeners.
However, in genl_bind() the bind() callback was invoked even if
capability checks failed and ret was set to -EPERM. This means that
callbacks could run on behalf of unauthorized callers while the
sys…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 7 packages
CVEListV5: linux/linux, 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e — 98c9d884047a3051c203708914a874dece3cbe54 (+3)
Patches
Vulnerability Details (2)
GHSA
GHSA-f9wm-ppg2-pc92 (2025-10-01): In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genl_bind() invoking bind() after -EPERM
OSV
CVE-2025-39926 (2025-10-01): In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genl_bind() invoking bind() after -EPERM