CVE-2025-39812

5.5 MEDIUM
Published: September 16, 2025 Modified: January 16, 2026
View on NVD

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo. BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983 sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390 sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452 sctp_get_port net/sctp/socket.c:8523 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636 __sys_listen_socket net/socket.c:1912 [inline] __sys_listen net/socket.c:1927 [inline] __do_sys_listen net/socket.c:1932 [inline] __se_sys_listen net/socket.c:1930 [inline] __x64_sys_listen+0x343/0x4c0 net/socket.c:1930 x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable addr.i.i created at: sctp_get_port net/sctp/socket.c:8515 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636 __sys_listen_socket net/socket.c:1912 [inline] __sys_listen net/socket.c:1927 [inline] __do_sys_listen net/socket.c:1932 [inline] __se_sys_listen net/socket.c:1930 [inline] __x64_sys_listen+0x343/0x4c0 net/socket.c:1930

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://git.kernel.org/stable/c/17d6c7747045e9b802c2f5dfaba260d309d831ae
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/1bbc0c02aea1f1c405bd1271466889c25a1fe01b
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/2e8750469242cad8f01f320131fd5a6f540dbb99
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/45e4b36593edffb7bbee5828ae820bc10a9fa0f3
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/463aa96fca6209bb205f49f7deea3817d7ddaa3a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/65b4693d8bab5370cfcb44a275b4d8dcb06e56bf
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/9546934c2054bba1bd605c44e936619159a34027
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/f6c2cc99fc2387ba6499facd6108f6543382792d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.5 / 10.0
EPSS (Exploit Probability)
0.0%
3th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-908

Affected Vendors

debian linux

Related CVEs

CVE-2026-4910 7.3
CVE-2026-3098 6.5
CVE-2026-4909 2.4
CVE-2026-4908 7.3
CVE-2026-4907 6.3