PT-2025-36279 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-39684

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a kernel-infoleak issue in the do insn ioctl() and do insnlist ioctl() functions. A kernel buffer allocated to hold insn->n samples may not be fully initialized before data is copied to user space, leading to an information leak. This occurs when instruction handlers do not fill the entire insn->n samples, leaving uninitialized kernel data to be read by user space. Specific culprits include insn rw emulate bits() and vm80xx ai insn read().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Improper Initialization

Weakness Enumeration

CWE-908CWE-665

Related Identifiers

AZL-66953
BDU:2025-15192
CVE-2025-39684
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-7172-4EF7-DE1B
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu