SB20250916367 - Out-of-bounds write in Linux kernel atm
Published: September 16, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2025-39828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8
- https://git.kernel.org/stable/c/33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b
- https://git.kernel.org/stable/c/3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe
- https://git.kernel.org/stable/c/3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b
- https://git.kernel.org/stable/c/51872b26429077be611b0a1816e0e722278015c3
- https://git.kernel.org/stable/c/62f368472b0aa4b5d91d9b983152855c6b6d8925
- https://git.kernel.org/stable/c/b502f16bad8f0a4cfbd023452766f21bfda39dde
- https://git.kernel.org/stable/c/ec79003c5f9d2c7f9576fc69b8dbda80305cbe3a