SB20250916256 - Improper error handling in Linux kernel xfrm
Published: September 16, 2025
Security Bulletin ID
SB20250916256
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper error handling (CVE-ID: CVE-2025-39797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the xfrm_state_lookup_byspi() and xfrm_alloc_spi() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/29e9158f91f99057dbd35db5e8674d93b38549fe
- https://git.kernel.org/stable/c/2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38
- https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544
- https://git.kernel.org/stable/c/94f39804d891cffe4ce17737d295f3b195bc7299
- https://git.kernel.org/stable/c/c67d4e7a8f90fb6361ca89d4d5c9a28f4e935e47