Vulnerability-Lookup

CVE-2025-39963 (GCVE-0-2025-39963)

Vulnerability from cvelistv5 – Published: 2025-10-09 12:13 – Updated: 2026-05-11 21:39

Title

io_uring: fix incorrect io_kiocb reference in io_link_skb

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where prev_notif is incorrectly assigned using 'nd' instead of 'prev_nd'. This causes the context validation check to compare the current notification with itself instead of comparing it with the previous notification. Fix by using the correct prev_nd parameter when obtaining prev_notif.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/a89c34babc2e5834a…
https://git.kernel.org/stable/c/50a98ce1ea694f1ff…
https://git.kernel.org/stable/c/2c139a47eff8de24e…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 6fe4220912d19152a26ce19713ab232f4263018d , < a89c34babc2e5834aa0905278f26f4dbe4b26b76 (git) Affected: 6fe4220912d19152a26ce19713ab232f4263018d , < 50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a (git) Affected: 6fe4220912d19152a26ce19713ab232f4263018d , < 2c139a47eff8de24e3350dadb4c9d5e3426db826 (git)
Linux	Linux	Affected: 6.10 Unaffected: 0 , < 6.10 (semver) Unaffected: 6.12.49 , ≤ 6.12.* (semver) Unaffected: 6.16.9 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/notif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a89c34babc2e5834aa0905278f26f4dbe4b26b76",
              "status": "affected",
              "version": "6fe4220912d19152a26ce19713ab232f4263018d",
              "versionType": "git"
            },
            {
              "lessThan": "50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a",
              "status": "affected",
              "version": "6fe4220912d19152a26ce19713ab232f4263018d",
              "versionType": "git"
            },
            {
              "lessThan": "2c139a47eff8de24e3350dadb4c9d5e3426db826",
              "status": "affected",
              "version": "6fe4220912d19152a26ce19713ab232f4263018d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/notif.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.49",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.9",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix incorrect io_kiocb reference in io_link_skb\n\nIn io_link_skb function, there is a bug where prev_notif is incorrectly\nassigned using \u0027nd\u0027 instead of \u0027prev_nd\u0027. This causes the context\nvalidation check to compare the current notification with itself instead\nof comparing it with the previous notification.\n\nFix by using the correct prev_nd parameter when obtaining prev_notif."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:39:48.858Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a89c34babc2e5834aa0905278f26f4dbe4b26b76"
        },
        {
          "url": "https://git.kernel.org/stable/c/50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c139a47eff8de24e3350dadb4c9d5e3426db826"
        }
      ],
      "title": "io_uring: fix incorrect io_kiocb reference in io_link_skb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39963",
    "datePublished": "2025-10-09T12:13:23.345Z",
    "dateReserved": "2025-04-16T07:20:57.149Z",
    "dateUpdated": "2026-05-11T21:39:48.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-39963",
      "date": "2026-06-05",
      "epss": "0.00014",
      "percentile": "0.02704"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-39963\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-09T13:15:32.517\",\"lastModified\":\"2026-02-26T23:03:40.720\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nio_uring: fix incorrect io_kiocb reference in io_link_skb\\n\\nIn io_link_skb function, there is a bug where prev_notif is incorrectly\\nassigned using \u0027nd\u0027 instead of \u0027prev_nd\u0027. This causes the context\\nvalidation check to compare the current notification with itself instead\\nof comparing it with the previous notification.\\n\\nFix by using the correct prev_nd parameter when obtaining prev_notif.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.12.49\",\"matchCriteriaId\":\"B5A5D976-D1DD-49E0-8391-4B3365905BD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.16.9\",\"matchCriteriaId\":\"638DD910-1189-4F5E-98BF-2D436B695112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"327D22EF-390B-454C-BD31-2ED23C998A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C730CD9A-D969-4A8E-9522-162AAF7C0EE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39982C4B-716E-4B2F-8196-FA301F47807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"340BEEA9-D70D-4290-B502-FBB1032353B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"47E4C5C0-079F-4838-971B-8C503D48FCC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4516A6-C12E-42A4-8C0E-68AEF3264504\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2c139a47eff8de24e3350dadb4c9d5e3426db826\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/50a98ce1ea694f1ff8e87bc2f8f84096d1736f6a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a89c34babc2e5834aa0905278f26f4dbe4b26b76\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}

SUSE-SU-2026:20202-1

Vulnerability from csaf_suse - Published: 2026-01-28 10:27 - Updated: 2026-01-28 10:27

Summary

Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Description of the patch: This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437). - CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196). The following non security issues was fixed: - Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).

Patchnames: SUSE-SLES-16.0-205

CVE-2025-39963

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-40204

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-40212

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

19 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1251982	self
https://bugzilla.suse.com/1252270	self
https://bugzilla.suse.com/1253437	self
https://bugzilla.suse.com/1254196	self
https://www.suse.com/security/cve/CVE-2025-39963/	self
https://www.suse.com/security/cve/CVE-2025-40204/	self
https://www.suse.com/security/cve/CVE-2025-40212/	self
https://www.suse.com/security/cve/CVE-2025-39963	external
https://bugzilla.suse.com/1251819	external
https://bugzilla.suse.com/1251982	external
https://www.suse.com/security/cve/CVE-2025-40204	external
https://bugzilla.suse.com/1253436	external
https://bugzilla.suse.com/1253437	external
https://www.suse.com/security/cve/CVE-2025-40212	external
https://bugzilla.suse.com/1254195	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).\n- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).\n- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).\n\nThe following non security issues was fixed:\n\n- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-205",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20202-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:20202-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620202-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:20202-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024017.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251982",
        "url": "https://bugzilla.suse.com/1251982"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252270",
        "url": "https://bugzilla.suse.com/1252270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253437",
        "url": "https://bugzilla.suse.com/1253437"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1254196",
        "url": "https://bugzilla.suse.com/1254196"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-39963 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-39963/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40204 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40204/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40212 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40212/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)",
    "tracking": {
      "current_release_date": "2026-01-28T10:27:58Z",
      "generator": {
        "date": "2026-01-28T10:27:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:20202-1",
      "initial_release_date": "2026-01-28T10:27:58Z",
      "revision_history": [
        {
          "date": "2026-01-28T10:27:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
                  "product_id": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
                "product": {
                  "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
                  "product_id": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
                  "product_id": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-39963",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-39963"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix incorrect io_kiocb reference in io_link_skb\n\nIn io_link_skb function, there is a bug where prev_notif is incorrectly\nassigned using \u0027nd\u0027 instead of \u0027prev_nd\u0027. This causes the context\nvalidation check to compare the current notification with itself instead\nof comparing it with the previous notification.\n\nFix by using the correct prev_nd parameter when obtaining prev_notif.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-39963",
          "url": "https://www.suse.com/security/cve/CVE-2025-39963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251819 for CVE-2025-39963",
          "url": "https://bugzilla.suse.com/1251819"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251982 for CVE-2025-39963",
          "url": "https://bugzilla.suse.com/1251982"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-28T10:27:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-39963"
    },
    {
      "cve": "CVE-2025-40204",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40204"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40204",
          "url": "https://www.suse.com/security/cve/CVE-2025-40204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253436 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253436"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253437 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253437"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-28T10:27:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40204"
    },
    {
      "cve": "CVE-2025-40212",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40212"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix refcount leak in nfsd_set_fh_dentry()\n\nnfsd exports a \"pseudo root filesystem\" which is used by NFSv4 to find\nthe various exported filesystems using LOOKUP requests from a known root\nfilehandle.  NFSv3 uses the MOUNT protocol to find those exported\nfilesystems and so is not given access to the pseudo root filesystem.\n\nIf a v3 (or v2) client uses a filehandle from that filesystem,\nnfsd_set_fh_dentry() will report an error, but still stores the export\nin \"struct svc_fh\" even though it also drops the reference (exp_put()).\nThis means that when fh_put() is called an extra reference will be dropped\nwhich can lead to use-after-free and possible denial of service.\n\nNormal NFS usage will not provide a pseudo-root filehandle to a v3\nclient.  This bug can only be triggered by the client synthesising an\nincorrect filehandle.\n\nTo fix this we move the assignments to the svc_fh later, after all\npossible error cases have been detected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40212",
          "url": "https://www.suse.com/security/cve/CVE-2025-40212"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254195 for CVE-2025-40212",
          "url": "https://bugzilla.suse.com/1254195"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-28T10:27:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40212"
    }
  ]
}

WID-SEC-W-2025-2249

Vulnerability from csaf_certbund - Published: 2025-10-09 22:00 - Updated: 2026-04-09 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2025-39960

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2025-39961

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2025-39962

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2025-39963

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

References

35 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lore.kernel.org/linux-cve-announce/	external
https://lore.kernel.org/linux-cve-announce/202510…	external
https://lore.kernel.org/linux-cve-announce/202510…	external
https://lore.kernel.org/linux-cve-announce/202510…	external
https://lore.kernel.org/linux-cve-announce/202510…	external
https://linux.oracle.com/errata/ELSA-2025-20719.html	external
https://docs.cloud.google.com/container-optimized…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-8100-1	external
https://ubuntu.com/security/notices/USN-8095-2	external
https://ubuntu.com/security/notices/USN-8095-1	external
https://ubuntu.com/security/notices/USN-8095-3	external
https://ubuntu.com/security/notices/USN-8095-4	external
https://ubuntu.com/security/notices/USN-8126-1	external
https://ubuntu.com/security/notices/USN-8125-1	external
https://ubuntu.com/security/notices/USN-8095-5	external
https://ubuntu.com/security/notices/USN-8165-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2249 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2249.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2249 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2249"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39960",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100914-CVE-2025-39960-f3f6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39961",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100916-CVE-2025-39961-09b1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39962",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100917-CVE-2025-39962-c0e0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-39963",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100917-CVE-2025-39963-b0ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-20719 vom 2025-10-24",
        "url": "https://linux.oracle.com/errata/ELSA-2025-20719.html"
      },
      {
        "category": "external",
        "summary": "Container-Optimized OS release notes vom 2025-10-28",
        "url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#October_20_2025"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025-20091-1 vom 2025-11-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVNKE6YBHUN7AVUHO7UZCJJGK4HYS62H/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:21080-1 vom 2025-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023429.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:21180-1 vom 2025-12-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023498.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:21147-1 vom 2025-12-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023511.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20015-1 vom 2026-01-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023727.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20021-1 vom 2026-01-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023723.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20012-1 vom 2026-01-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023715.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20112-1 vom 2026-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VAR5E3K2CEDVGJPL4HSCKQYB2XQD7AYZ/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20149-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023950.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20168-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023939.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20164-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023942.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20169-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023938.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20171-1 vom 2026-02-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024010.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20202-1 vom 2026-02-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024017.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20120-1 vom 2026-02-03",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PEJKNNWOBXY6QH746YIQRZDAHVNYS7TJ/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20561-1 vom 2026-03-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024578.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20562-1 vom 2026-03-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024577.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8100-1 vom 2026-03-17",
        "url": "https://ubuntu.com/security/notices/USN-8100-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8095-2 vom 2026-03-17",
        "url": "https://ubuntu.com/security/notices/USN-8095-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8095-1 vom 2026-03-17",
        "url": "https://ubuntu.com/security/notices/USN-8095-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8095-3 vom 2026-03-17",
        "url": "https://ubuntu.com/security/notices/USN-8095-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8095-4 vom 2026-03-23",
        "url": "https://ubuntu.com/security/notices/USN-8095-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8126-1 vom 2026-03-25",
        "url": "https://ubuntu.com/security/notices/USN-8126-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8125-1 vom 2026-03-25",
        "url": "https://ubuntu.com/security/notices/USN-8125-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8095-5 vom 2026-04-01",
        "url": "https://ubuntu.com/security/notices/USN-8095-5"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8165-1 vom 2026-04-10",
        "url": "https://ubuntu.com/security/notices/USN-8165-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2026-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-10T07:45:06.922+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2249",
      "initial_release_date": "2025-10-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-10-28T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-11-26T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-11-30T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-12-10T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-11T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-27T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-01-28T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-03T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2026-03-05T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-16T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-03-17T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-01T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Container-Optimized OS",
            "product": {
              "name": "Google Container-Optimized OS",
              "product_id": "1607324",
              "product_identification_helper": {
                "cpe": "cpe:/o:google:container-optimized_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.17.1",
                "product": {
                  "name": "Open Source Linux Kernel 6.17.1",
                  "product_id": "T047531",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.17.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-39960",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T027843",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2025-10-09T22:00:00.000+00:00",
      "title": "CVE-2025-39960"
    },
    {
      "cve": "CVE-2025-39961",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T027843",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2025-10-09T22:00:00.000+00:00",
      "title": "CVE-2025-39961"
    },
    {
      "cve": "CVE-2025-39962",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T027843",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2025-10-09T22:00:00.000+00:00",
      "title": "CVE-2025-39962"
    },
    {
      "cve": "CVE-2025-39963",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T027843",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2025-10-09T22:00:00.000+00:00",
      "title": "CVE-2025-39963"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-39963 (GCVE-0-2025-39963)

SUSE-SU-2026:20202-1

WID-SEC-W-2025-2249

Tags

Sightings

Nomenclature