CVE-2025-39880

High

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active (i.e. msgr1 is in use). On 64-bit systems, con->v1.auth_retry overlaps with con->v2.out_iter, so such a read is almost guaranteed to return a bogus value instead of 0 when msgr2 is in use. This ends up being fairly benign because the side effect is just the invalidation of the authorizer and successive fetching of new tickets. con->v1.connect_seq overlaps with con->v2.conn_bufs and the fact that it's being written to can cause more serious consequences, but luckily it's not something that happens often.

Package Linux Kernel
Published 2025-09-23
Last modified 2026-01-20
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

7.8

out of 10
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-704

CVE-2025-39880 is a Incorrect Type Conversion or Cast vulnerability

What is Incorrect Type Conversion or Cast?

The product does not correctly convert an object, resource, or structure from one type to another. Learn more on MITRE CWE

Affected versions

Linux kernel versions 5.11 and later are affected. Fixed in 5.15.194, 6.1.153, 6.6.107, 6.12.48, 6.16.8, 6.17 and their respective stable series.

Affected from
≥ 5.11
Fixed in
✓ 5.15.194 5.15.x ✓ 6.1.153 6.1.x ✓ 6.6.107 6.6.x ✓ 6.12.48 6.12.x ✓ 6.16.8 6.16.x ✓ 6.17

References

The following references provide additional information about CVE-2025-39880 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

6 patch commits total View all on NVD

Frequently asked questions

  • What is CVE-2025-39880?

    CVE-2025-39880 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 , classified as an Incorrect Type Conversion or Cast flaw (CWE-704) . It affects Linux kernel versions from 5.11 onward and has been patched in 5.15.194, 6.1.153, 6.6.107 and others. CVE-2025-39880 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2025-39880?

    CVE-2025-39880 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H .

  • Is there a patch available for CVE-2025-39880?

    Yes — CVE-2025-39880 has been patched. Fixed versions include 5.15.194, 6.1.153, 6.6.107 and others. If you are running Linux kernel 5.11 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-39880 actively exploited?

    No — CVE-2025-39880 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • What is Incorrect Type Conversion or Cast (CWE-704)?

    The product does not correctly convert an object, resource, or structure from one type to another. View CWE-704 on MITRE CWE →

Back to
All CVEs
View on
NVD / NIST