#VU117286 Buffer overflow in Linux kernel - CVE-2025-39987
Published: October 15, 2025
Vulnerability identifier: #VU117286
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39987
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/57d332ce8c921d0e340650470bb0c1d707f216ee
- https://git.kernel.org/stable/c/7ab85762274c0fa997f0ef9a2307b2001aae43c4
- https://git.kernel.org/stable/c/8f351db6b2367991f0736b2cff082f5de4872113
- https://git.kernel.org/stable/c/ac1c7656fa717f29fac3ea073af63f0b9919ec9a
- https://git.kernel.org/stable/c/be1b25005fd0f9d4e78bec6695711ef87ee33398
- https://git.kernel.org/stable/c/def814b4ba31b563584061d6895d5ff447d5bc14
- https://git.kernel.org/stable/c/e77fdf9e33a83a08f04ab0cb68c19ddb365a622f
- https://git.kernel.org/stable/c/f2c247e9581024d8b3dd44cbe086bf2bebbef42c