Description

In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genl_bind() invoking bind() after -EPERM Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners. However, in genl_bind() the bind() callback was invoked even if capability checks failed and ret was set to -EPERM. This means that callbacks could run on behalf of unauthorized callers while the syscall still returned failure to user space. Fix this by only invoking bind() after "if (ret) break;" check i.e. after permission checks have succeeded.

INFO

Published Date :

2025-10-01T08:07:13.883Z

Last Modified :

2026-01-14T17:42:45.424Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39926 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39926.

URL Resource
https://git.kernel.org/stable/c/1dbfb0363224f6da56f6655d596dc5097308d6f5 cve-icon cve-icon
https://git.kernel.org/stable/c/8858c1e9405906c09589d7c336f04058ea198207 cve-icon cve-icon
https://git.kernel.org/stable/c/98c9d884047a3051c203708914a874dece3cbe54 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100125-CVE-2025-39926-06ea@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39926 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39926 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact