CVE-2025-39917

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the bpf crypto crypt() function where the size of the destination dynamic pointer (dst) is not validated against the size of the source dynamic pointer (src) before being passed to the crypto backend. This can lead to an out-of-bounds write if the destination buffer is smaller than the source buffer. The function uses bpf dynptr data() and bpf dynptr data rw() to fetch linear buffers from each dynamic pointer. The crypto backend expects the destination buffer to be large enough to accommodate the data being written, based on the source length (src len). A check has been added to ensure src len is not greater than dst len to prevent the out-of-bounds write. This function is accessible only under root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.