Home

Description

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not. Many thanks to Bernard Pidoux for his help, diagnosis and tests. We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").

PUBLISHED Reserved 2025-04-16 | Published 2025-09-19 | Updated 2025-11-03 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 42b46684e2c78ee052d8c2ee8d9c2089233c9094
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 5b079be1b9da49ad88fc304c874d4be7085f7883
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 2bd0f67212908243ce88e35bf69fa77155b47b14
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 01a2984cb803f2d487b7074f9718db2bf3531f69
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 7d449b7a6c8ee434d10a483feed7c5c50108cf56
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 89064cf534bea4bb28c83fe6bbb26657b19dd5fe
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b1c71d674a308d2fbc83efcf88bfc4217a86aa17
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 8156210d36a43e76372312c87eb5ea3dbb405a85
affected

Default status
affected

2.6.12
affected

Any version before 2.6.12
unaffected

5.4.299 (semver)
unaffected

5.10.243 (semver)
unaffected

5.15.192 (semver)
unaffected

6.1.151 (semver)
unaffected

6.6.105 (semver)
unaffected

6.12.46 (semver)
unaffected

6.16.6 (semver)
unaffected

6.17 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00008.html

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

git.kernel.org/...c/42b46684e2c78ee052d8c2ee8d9c2089233c9094

git.kernel.org/...c/5b079be1b9da49ad88fc304c874d4be7085f7883

git.kernel.org/...c/2bd0f67212908243ce88e35bf69fa77155b47b14

git.kernel.org/...c/01a2984cb803f2d487b7074f9718db2bf3531f69

git.kernel.org/...c/7d449b7a6c8ee434d10a483feed7c5c50108cf56

git.kernel.org/...c/89064cf534bea4bb28c83fe6bbb26657b19dd5fe

git.kernel.org/...c/b1c71d674a308d2fbc83efcf88bfc4217a86aa17

git.kernel.org/...c/8156210d36a43e76372312c87eb5ea3dbb405a85

cve.org (CVE-2025-39848)

nvd.nist.gov (CVE-2025-39848)

Download JSON