How to fix CVE-2025-39946?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Linux affected by CVE-2025-39946?

CVE-2025-39946 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. A patch is available and should be applied during regular vulnerability management.

CVE-2025-39946

EUVD-2025-32393 CRITICAL

2025-10-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Apr 06, 2026 - 13:30 vuln.today

Public exploit code

Patch Released

Apr 06, 2026 - 13:30 nvd

Patch available

Analysis Generated

Mar 13, 2026 - 19:56 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:56 euvd

EUVD-2025-32393

CVE Published

Oct 04, 2025 - 08:15 nvd

CRITICAL 9.8

Description

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent connection stalls. Make sure that we abort the connection when we find out late that the record is actually invalid. Retrying the parsing is fine in itself but since we copy some more data each time before we parse we can overflow the allocated skb space. Constructing a scenario in which we're under pressure without enough data in the socket to parse the length upfront is quite hard. syzbot figured out a way to do this by serving us the header in small OOB sends, and then filling in the recvbuf with a large normal send. Make sure that tls_rx_msg_size() aborts strp, if we reach an invalid record there's really no way to recover.

Analysis

CVE-2025-39946 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.

Technical Context

Vulnerability type not specified by vendor.

Affected Products

['Unspecified product']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: +20

Vendor Status

CVE-2025-39946 vulnerability details – vuln.today

Back

CVE-2025-39946

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-39946

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code