CVE-2025-39965
In the Linux kernel, the following vulnerability has been resolved:
xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value.
__xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.6.103 | 6.6.109 |
| linux / linux_kernel | 6.12.43 | 6.12.50 |
| linux / linux_kernel | 6.15.11 | 6.16 |
| linux / linux_kernel | 6.16.2 | 6.16.10 |
| linux / linux_kernel | 6.17-rc1 | 6.17-rc1.x |
| linux / linux_kernel | 6.17-rc2 | 6.17-rc2.x |
| linux / linux_kernel | 6.17-rc3 | 6.17-rc3.x |
| linux / linux_kernel | 6.17-rc4 | 6.17-rc4.x |
| linux / linux_kernel | 6.17-rc5 | 6.17-rc5.x |
| linux / linux_kernel | 6.17-rc6 | 6.17-rc6.x |
| linux / linux_kernel | 6.17-rc7 | 6.17-rc7.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime