#VU114960 Buffer overflow in Linux kernel - CVE-2025-39718
Published: September 8, 2025
Vulnerability identifier: #VU114960
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39718
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_transport_rx_work() function in net/vmw_vsock/virtio_transport.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894
- https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c
- https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05
- https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f
- https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335