VYPR
Unrated severityNVD Advisory· Published Oct 13, 2025

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI

CVE-2025-39965

Description

In the Linux kernel, the following vulnerability has been resolved:

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI

x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value.

__xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

195

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.