CVE-2025-39962

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to an untrusted unsigned subtract operation within the rxrpc subsystem. Specifically, a Smatch static checker warning was identified in the rxgk yfs decode ticket() function within net/rxrpc/rxgk app.c. The issue involves a potential vulnerability when subtracting values related to the length of data being extracted, potentially leading to unexpected behavior. The fix involves prechecking the length of the data being extracted and using sizeof() to determine the size of the structure being processed, ensuring consistency with other related statements.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.