CVE-2025-39962 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39962 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet. Also use sizeof() on the struct we're extracting rather specifying the size numerically to be consistent with the other related statements.

EPSS 0.02% · 4.7th percentile

Risk Scores

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.17, 6.17, 6.17
Linux	Linux	9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, 6.16, 6.17

Timeline

Jan 21, 1970 Security Advisory
Oct 9, 2025 Coalition ESS Score
Oct 9, 2025 CVE Published
Oct 10, 2025 EPSS Score
Oct 16, 2025 EPSS Score
Oct 21, 2025 EPSS Score
Oct 27, 2025 EPSS Score
Nov 2, 2025 EPSS Score
Nov 8, 2025 EPSS Score
Nov 13, 2025 EPSS Score
Nov 16, 2025 Coalition ESS Score
Nov 19, 2025 EPSS Score

References

Open in Interactive Console →