CVE-2025-39770

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel related to Generic Segmentation Offload (GSO) and IPv6 packets with extension headers. Specifically, the kernel incorrectly requests checksum offload for IPv6 packets containing extension headers on devices that only support IPV6 CSUM, which is not designed to handle such packets. This can lead to a skb warn bad offload warning and a reduction in network throughput as the device attempts an unsupported operation. The issue arises from a failure to disable checksum offload for packets with extension headers, such as those used in GREoIPv6 tunnels. The exception to this is BIG TCP extension, which is only enabled on devices that support BIG TCP TSO.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-841

Related Identifiers

AZL-74664

BDU:2025-15830

CVE-2025-39770

DLA-4328-1

DSA-6008-1

DSA-6009-1

ECHO-79CA-12F3-AE37

OESA-2026-2417

OESA-2026-2418

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03600-1

SUSE-SU-2025:03601-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3725-1

SUSE-SU-2025:3751-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-39770

Weakness Enumeration

Related Identifiers

Affected Products

References · 3116