CVE-2025-39839 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix OOB read/write in network-coding decode

batadv_nc_skb_decode_packet() trusts coded_len and checks only against
skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing
payload headroom, and the source skb length is not verified, allowing an
out-of-bounds read and a small out-of-bounds write.

Validate that coded_len fits within the payload area of both destination
and source sk_buffs before XORing.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183
https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c
https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f
https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863
https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48
https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1
https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087
https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a

History

Fri, 19 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.
Title		batman-adv: fix OOB read/write in network-coding decode
References		https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183 https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863 https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48 https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1 https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087 https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-19T15:26:14.688Z

Updated: 2025-09-19T15:26:14.688Z

Reserved: 2025-04-16T07:20:57.141Z

Link: CVE-2025-39839

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-19T16:15:42.570

Modified: 2025-09-19T16:15:42.570

Link: CVE-2025-39839

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object