CVE-2025-39926

MEDIUM 5.5

genetlink: fix genl_bind() invoking bind() after -EPERM

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genl_bind() invoking bind() after -EPERM Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners. However, in genl_bind() the bind() callback was invoked even if capability checks failed and ret was set to -EPERM. This means that callbacks could run on behalf of unauthorized callers while the syscall still returned failure to user space. Fix this by only invoking bind() after "if (ret) break;" check i.e. after permission checks have succeeded.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 1, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 98c9d884047a3051c203708914a874dece3cbe54 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 8858c1e9405906c09589d7c336f04058ea198207 3de21a8990d3c2cc507e9cc4ed00f36358d5b93e < 1dbfb0363224f6da56f6655d596dc5097308d6f5

Linux / Linux

6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/98c9d884047a3051c203708914a874dece3cbe54 git.kernel.org: https://git.kernel.org/stable/c/8858c1e9405906c09589d7c336f04058ea198207 git.kernel.org: https://git.kernel.org/stable/c/1dbfb0363224f6da56f6655d596dc5097308d6f5