VYPR
High severity 7.0 · NVD Advisory · Published Sep 5, 2025 · Updated May 12, 2026

CVE-2025-39702

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A timing side-channel in the Linux kernel's IPv6 Segment Routing MAC comparison allows attackers to forge authentication bits via variable-time memcmp().

Vulnerability

Description

CVE-2025-39702 addresses a timing side-channel vulnerability in the Linux kernel's IPv6 Segment Routing (SR) implementation. The flaw resided in the function responsible for comparing Message Authentication Codes (MACs) within the SR header. The original code used a standard, non-constant-time comparison (likely memcmp()), which leaks information about the MAC value through variations in execution time [1]. This type of leak is a classic cryptographic timing side-channel [1].

Exploitation

An attacker with the ability to send crafted IPv6 packets to a vulnerable system and observe the timing of the response could exploit this weakness. By sending packets with progressively guessed MAC values and measuring the time taken for the comparison, the attacker can determine the correct MAC byte-by-byte [1]. The attack is likely remote, requires no authentication, and can be performed over a network path that allows accurate timing measurements. No reference describes a practical exploit; however, the theoretical attack surface is clear from the description.

Impact

Successful exploitation would allow an attacker to forge valid HMAC-authenticated Segment Routing Header (SRH) MACs. An attacker who can authenticate a forged SRH can bypass security policies that rely on MAC verification—such as those defined in RFC 8754—and redirect traffic through arbitrary segment paths. The CVSSv3 base score is 7.0 (High), reflecting the potential for confidentiality and integrity impacts via traffic interception or manipulation.

Mitigation

The fix was included in the mainline Linux kernel and backported to stable releases [2][3][4]. Affected distributions should apply the corresponding security updates. Users are advised to update their kernels to a version containing the commit that replaces the non-constant-time MAC comparison with a constant-time helper function [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
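To make the Description and Mitigation paragraphs concrete, here is a userspace C sketch, added as an illustration and not taken from the kernel patch: an early-exit comparison beside a constant-time one. The function names, the 32-byte `MAC_LEN`, the sample MAC bytes and the `examined` counter (a deterministic stand-in for elapsed time) are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 32 /* assumed: 32-byte HMAC field, as in the RFC 8754 HMAC TLV */

/* Variable-time: returns at the first mismatching byte, as a typical
 * memcmp() does. *examined records how many bytes were read, which is
 * what an observer would see reflected in execution time. */
static int leaky_neq(const unsigned char *a, const unsigned char *b,
                     size_t len, size_t *examined)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = len;
    return 0;
}

/* Constant-time: always reads all len bytes and folds every difference
 * into one accumulator, so the work done does not depend on where (or
 * whether) the two MACs differ. */
static int ct_neq(const unsigned char *a, const unsigned char *b,
                  size_t len, size_t *examined)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = len;
    return diff != 0;
}

int main(void)
{
    unsigned char expected[MAC_LEN], received[MAC_LEN];
    size_t n_leaky, n_ct;

    memset(expected, 0xA5, MAC_LEN);      /* constructed sample MAC */
    memcpy(received, expected, MAC_LEN);
    received[7] ^= 0x01;                  /* first mismatch at index 7 */

    leaky_neq(expected, received, MAC_LEN, &n_leaky);
    ct_neq(expected, received, MAC_LEN, &n_ct);
    printf("leaky read %zu bytes, constant-time read %zu\n", n_leaky, n_ct);
    return 0;
}
```

In kernel code, use the existing `crypto_memneq()` helper rather than a hand-written loop, since a compiler is free to reintroduce an early exit into naive code.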

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (6)

  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel (3 versions)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=4.10,<5.15.190)
    • cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*
  • Linux/Linux v5
    Range: 4.10
