#VU115625 Out-of-bounds write in Linux kernel - CVE-2025-39828
Published: September 16, 2025
Vulnerability identifier: #VU115625
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39828
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8
- https://git.kernel.org/stable/c/33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b
- https://git.kernel.org/stable/c/3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe
- https://git.kernel.org/stable/c/3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b
- https://git.kernel.org/stable/c/51872b26429077be611b0a1816e0e722278015c3
- https://git.kernel.org/stable/c/62f368472b0aa4b5d91d9b983152855c6b6d8925
- https://git.kernel.org/stable/c/b502f16bad8f0a4cfbd023452766f21bfda39dde
- https://git.kernel.org/stable/c/ec79003c5f9d2c7f9576fc69b8dbda80305cbe3a