Home

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-19 | Updated 2025-11-03 | Assigner Linux

Product status

Default status
unaffected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before 30fc47248f02b8a14a61df469e1da4704be1a19f
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before 1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before 5d334bce9fad58cf328d8fa14ea1fff855819863
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before dce6c2aa70e94c04c523b375dfcc664d7a0a560a
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before bb37252c9af1cb250f34735ee98f80b46be3cef1
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before 20080709457bc1e920eb002483d7d981d9b2ac1c
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before a67c6397fcb7e842d3c595243049940970541c48
affected

2df5278b0267c799f3e877e8eeddbb6e93cda0bb (git) before d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087
affected

Default status
affected

3.10
affected

Any version before 3.10
unaffected

5.4.299 (semver)
unaffected

5.10.243 (semver)
unaffected

5.15.192 (semver)
unaffected

6.1.151 (semver)
unaffected

6.6.105 (semver)
unaffected

6.12.46 (semver)
unaffected

6.16.6 (semver)
unaffected

6.17 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00008.html

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

git.kernel.org/...c/30fc47248f02b8a14a61df469e1da4704be1a19f

git.kernel.org/...c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183

git.kernel.org/...c/5d334bce9fad58cf328d8fa14ea1fff855819863

git.kernel.org/...c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a

git.kernel.org/...c/bb37252c9af1cb250f34735ee98f80b46be3cef1

git.kernel.org/...c/20080709457bc1e920eb002483d7d981d9b2ac1c

git.kernel.org/...c/a67c6397fcb7e842d3c595243049940970541c48

git.kernel.org/...c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087

cve.org (CVE-2025-39839)

nvd.nist.gov (CVE-2025-39839)

Download JSON