Skip to main content

Linux CVE-2025-39702

HIGH
Observable Discrepancy (CWE-203)
2025-09-05 416baaa9-dc9f-4396-8d5f-8c081fb06d67
7.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
5.5 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Red Hat
7.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Sep 05, 2025 - 18:15 nvd
HIGH 7.0

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

AnalysisAI

A timing attack vulnerability exists in the Linux kernel's IPv6 Segment Routing (SR) implementation where MAC (Message Authentication Code) comparisons are performed using non-constant-time operations. This timing side-channel weakness (CWE-203) affects multiple Linux kernel versions and could allow a local attacker with low privileges to potentially extract cryptographic secrets by measuring subtle timing differences during MAC validation. With an EPSS score of 0.02% (4th percentile), exploitation likelihood is very low, and patches are available from the vendor.

Technical ContextAI

The vulnerability resides in the Linux kernel's IPv6 Segment Routing (SR) module, specifically in MAC comparison logic. The affected code uses timing-variable string comparison instead of constant-time comparison functions when validating Message Authentication Codes. This creates a side-channel vulnerability (CWE-203: Observable Discrepancy) where an attacker can measure execution time differences to infer information about secret values byte-by-byte. The CPE data indicates affected products include the Linux kernel mainline (cpe:2.3:o:linux:linux_kernel) across multiple version ranges and release candidates (6.17 RC1, RC2), as well as Debian Linux 11.0. IPv6 Segment Routing is an extension that allows defining explicit packet paths through IPv6 networks, and the HMAC verification is critical for authenticating segment routing headers.

RemediationAI

Apply the appropriate kernel patch from the official Linux kernel stable tree based on your kernel version. Patches are available at https://git.kernel.org/stable/c/3b348c9c8d2ca2c67559ffd0e258ae7e1107d4f0, https://git.kernel.org/stable/c/3ddd55cf19ed6cc62def5e3af10c2a9df1b861c3, https://git.kernel.org/stable/c/86b6d34717fe0570afce07ee79b8eeb40341f831, https://git.kernel.org/stable/c/a458b2902115b26a25d67393b12ddd57d1216aaa, https://git.kernel.org/stable/c/b3967c493799e63f648e9c7b6cb063aa2aed04e7, https://git.kernel.org/stable/c/f7878d47560d61e3f370aca3cebb8f42a55b990a, and https://git.kernel.org/stable/c/ff55a452d56490047f5233cc48c5d933f8586884. Debian users should follow the guidance in the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html and update to patched kernel versions through their package manager. As a temporary mitigation if immediate patching is not possible, consider disabling IPv6 Segment Routing functionality if it is not required for operations, or restrict local access to systems where this feature is critical.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-3.64 Container suse/sl-micro/6.0/toolbox:13.2-6.19 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.65 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.88 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.105 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.52 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Affected

Share

CVE-2025-39702 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy