CVE-2025-39946

Published Oct 4, 2025

Last updated 11 hours ago

Linux Kernel

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-39946 refers to a vulnerability in the Linux kernel. Specifically, it addresses an issue within the Transport Layer Security (TLS) subsystem related to the handling of potentially invalid headers. The vulnerability arises because the kernel might not properly abort a stream when it belatedly discovers that a record is invalid. The flaw is triggered within the `tls_rx_msg_size()` function in `net/tls/tls_sw.c`, where an out-of-bounds read error can occur. This can be exploited locally to cause a denial-of-service (DoS) attack. It was discovered that by serving a header in small out-of-band sends and then filling the receive buffer with a large normal send, the allocated skb space could be overflowed.

Description
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent connection stalls. Make sure that we abort the connection when we find out late that the record is actually invalid. Retrying the parsing is fine in itself but since we copy some more data each time before we parse we can overflow the allocated skb space. Constructing a scenario in which we're under pressure without enough data in the socket to parse the length upfront is quite hard. syzbot figured out a way to do this by serving us the header in small OOB sends, and then filling in the recvbuf with a large normal send. Make sure that tls_rx_msg_size() aborts strp, if we reach an invalid record there's really no way to recover.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Awaiting Analysis

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

15

  1. 🚨 Critical Linux kernel vulnerability (CVE-2025-39946) allows memory corruption via malformed TLS headers. Affects versions before 6.12.49. Attackers can achieve kernel code execution through pagetable overwrites. Patch immediately or disable CONFIG_TLS. Read Details - https:

    @cyberkendra

    5 Oct 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. GitHub - farazsth98/exploit-CVE-2025-39946: Exploit for CVE-2025-39946, a bug in the Linux kernel's net/tls subsystem. - https://t.co/tOH20tg52C

    @piedpiper1616

    5 Oct 2025

    6755 Impressions

    27 Retweets

    113 Likes

    56 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-39946 Linux Kernel TLS Vulnerability https://t.co/PDpPTlzlF0

    @VulmonFeeds

    4 Oct 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.