CVE-2025-39965

🗓️ 13 Oct 2025 13:48:31Reported by LinuxType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 16 Views

Fixes zero SPI treated as valid in xfrm_alloc_spi, causing use-after-free in byspi.

Reporter	Title	Published	Views	Family All 172
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1254)	28 Oct 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1244)	10 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1280)	10 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)	6 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)	6 Jun 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20091-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20719)	24 Oct 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:4057-1)	13 Nov 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:4111-1)	18 Nov 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4128-1)	19 Nov 202500:00	–	nessus

NVD

Vulners

CNA

Node

linux linux_kernelRange6.6.103–6.6.109

linux linux_kernelRange6.12.43–6.12.50

linux linux_kernelRange6.15.11–6.16

linux linux_kernelRange6.16.2–6.16.10

linux linux_kernelMatch6.17rc1

linux linux_kernelMatch6.17rc2

linux linux_kernelMatch6.17rc3

linux linux_kernelMatch6.17rc4

linux linux_kernelMatch6.17rc5

linux linux_kernelMatch6.17rc6

linux linux_kernelMatch6.17rc7

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/xfrm/xfrm_state.c"
    ],
    "versions": [
      {
        "version": "3d8090bb53424432fa788fe9a49e8ceca74f0544",
        "lessThan": "0baf92d0b1590b903c1f4ead75e61715e50e8146",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38",
        "lessThan": "9fcedabaae0096f712bbb4ccca6a8538af1cd1c8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "29e9158f91f99057dbd35db5e8674d93b38549fe",
        "lessThan": "a78e55776522373c446f18d5002a8de4b09e6bf7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "94f39804d891cffe4ce17737d295f3b195bc7299",
        "lessThan": "cd8ae32e4e4652db55bce6b9c79267d8946765a9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c67d4e7a8f90fb6361ca89d4d5c9a28f4e935e47",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6.15.11",
        "lessThan": "6.16",
        "status": "affected",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/xfrm/xfrm_state.c"
    ],
    "versions": [
      {
        "version": "6.6.103",
        "lessThan": "6.6.109",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.12.43",
        "lessThan": "6.12.50",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.16.2",
        "lessThan": "6.16.10",
        "status": "affected",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/9fcedabaae0096f712bbb4ccca6a8538af1cd1c8
git	www.git.kernel.org/stable/c/0baf92d0b1590b903c1f4ead75e61715e50e8146
git	www.git.kernel.org/stable/c/a78e55776522373c446f18d5002a8de4b09e6bf7
git	www.git.kernel.org/stable/c/cd8ae32e4e4652db55bce6b9c79267d8946765a9

23 May 2026 16:01Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.5

EPSS0.00008