CVE-2025-39984: Expired Pointer Dereference in Linux

Severity: 7.3 HIGH (no vector)
EPSS: 0.0% (top 93.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

In the Linux kernel, the following vulnerability has been resolved:

net: tun: Update napi->skb after XDP process

The syzbot report a UAF issue:

BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]
BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]
BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758
Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079
CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.9.0 | 6.12.50 | +1
Debian | linux/linux_kernel | < 6.12.57-1 | +1
CVEListV5 | linux/linux | e6d5dbdd20aa6a86974af51deb9414cd2e7794cb | 953200d56fc23eebf80a5ad9eed6e2e8a3065093 | +3
debian | debian/linux | < linux 6.16.10-1 (forky)

🔴 Vulnerability Details (3)

GHSA
GHSA-3cpf-qphm-hqhv: In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG (2025-10-15)
OSV
net: tun: Update napi->skb after XDP process (2025-10-15)
OSV
CVE-2025-39984: In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: K (2025-10-15)

📋 Vendor Advisories (2)

Red Hat
kernel: net: tun: Update napi->skb after XDP process (2025-10-15)
Debian
CVE-2025-39984: linux - In the Linux kernel, the following vulnerability has been resolved: net: tun: U... (2025)