CVE-2025-39962
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix untrusted unsigned subtract
Fix the following Smatch static checker warning:
net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticket_len - 10 * 4'
by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet.
Also use sizeof() on the struct we're extracting rather specifying the size numerically to be consistent with the other related statements.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.16 | 6.16.9 |
| linux / linux_kernel | 6.17-rc1 | 6.17-rc1.x |
| linux / linux_kernel | 6.17-rc2 | 6.17-rc2.x |
| linux / linux_kernel | 6.17-rc3 | 6.17-rc3.x |
| linux / linux_kernel | 6.17-rc4 | 6.17-rc4.x |
| linux / linux_kernel | 6.17-rc5 | 6.17-rc5.x |
| linux / linux_kernel | 6.17-rc6 | 6.17-rc6.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime