PT-2025-37957 · Linux+4 · Linux Kernel+4

Syzbot

·

Published

2025-01-01

·

Updated

2026-05-26

·

CVE-2025-39812

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw was discovered in the Linux kernel related to the initialization of fields within the sctp v6 from sk() function in the SCTP (Stream Control Transmission Protocol) implementation. Specifically, the sin6 scope id field was not properly initialized, leading to undefined behavior. This issue was identified by syzbot, a fuzzing tool, and manifested as a KMSAN (Kernel Memory Safety Analyzer) error during address comparison within the sctp v6 cmp addr function. The vulnerability was observed during operations related to socket listening, potentially impacting network communication.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Buffer Overflow

Use of Uninitialized Resource

Weakness Enumeration

CWE-665CWE-120CWE-908

Related Identifiers

AZL-67413
AZL-74706
BDU:2025-15252
BDU:2025-15256
CVE-2025-39812
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-014F-487D-00E5
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu