VYPR
High severity7.1NVD Advisory· Published Sep 19, 2025· Updated May 12, 2026

CVE-2025-39839

CVE-2025-39839

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix OOB read/write in network-coding decode

batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write.

Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

118

Patches

Vulnerability mechanics

References

12

News mentions

1