CVE-2025-39848
Published: Sep 19, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not. Many thanks to Bernard Pidoux for his help, diagnosis and tests. We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 42b46684e2c78ee052d8c2ee8d9c2089233c9094affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 5b079be1b9da49ad88fc304c874d4be7085f7883affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 2bd0f67212908243ce88e35bf69fa77155b47b14affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 01a2984cb803f2d487b7074f9718db2bf3531f69affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7d449b7a6c8ee434d10a483feed7c5c50108cf56+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.4.299 - <= 5.4.*unaffected 5.10.243 - <= 5.10.*unaffected 5.15.192 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now