Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet. Also use sizeof() on the struct we're extracting rather specifying the size numerically to be consistent with the other related statements.

INFO

Published Date :

2025-10-09T12:13:22.684Z

Last Modified :

2025-10-09T12:13:22.684Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39962 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39962.

URL Resource
https://git.kernel.org/stable/c/2429a197648178cd4dc930a9d87c13c547460564 cve-icon cve-icon
https://git.kernel.org/stable/c/71571e187106631a8127f2dde780f35caa358d33 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100917-CVE-2025-39962-c0e0@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39962 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39962 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact