๐Ÿ” CVE Alert

CVE-2025-39962

UNKNOWN 0.0

rxrpc: Fix untrusted unsigned subtract

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix untrusted unsigned subtract

Fix the following Smatch static checker warning:

net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticket_len - 10 * 4'

by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet.

Also use sizeof() on the struct we're extracting rather than specifying the size numerically to be consistent with the other related statements.
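The pattern behind the warning, as an added example that is not the kernel's code: an unsigned length taken from untrusted input wraps to a very large value if a fixed size is subtracted before the length is checked. The struct layout and the names demo_ticket_hdr, remaining_unchecked and demo_decode_ticket are hypothetical and constructed for illustration; they are not the rxgk ticket format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed header of ten 32-bit words (the "10 * 4" in the warning).
 * Constructed for this example; host byte order is assumed for simplicity. */
struct demo_ticket_hdr {
    uint32_t fields[9];
    uint32_t key_len;              /* length of the variable part that follows */
};

/* Unchecked form: for ticket_len < 40 the unsigned subtraction wraps around. */
unsigned int remaining_unchecked(unsigned int ticket_len)
{
    return ticket_len - 10 * 4;
}

/* Prechecked form: returns 0 and sets *key / *key_len, or -1 on short input. */
int demo_decode_ticket(const uint8_t *buf, unsigned int ticket_len,
                       const uint8_t **key, unsigned int *key_len)
{
    struct demo_ticket_hdr hdr;

    if (ticket_len < sizeof(hdr))                /* precheck before subtracting */
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));              /* copy out, no unaligned read */
    if (hdr.key_len > ticket_len - sizeof(hdr))  /* cannot wrap after precheck */
        return -1;
    *key = buf + sizeof(hdr);
    *key_len = hdr.key_len;
    return 0;
}

int main(void)
{
    uint8_t buf[48] = {0};                       /* constructed sample input */
    struct demo_ticket_hdr hdr = {{0}, 8};
    const uint8_t *key;
    unsigned int key_len;

    memcpy(buf, &hdr, sizeof(hdr));
    printf("unchecked, len 8: %u\n", remaining_unchecked(8));
    printf("checked, len 8:   %d\n", demo_decode_ticket(buf, 8, &key, &key_len));
    printf("checked, len 48:  %d\n", demo_decode_ticket(buf, 48, &key, &key_len));
    return 0;
}
```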

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Oct 9, 2025
Last Updated May 11, 2026
Affected Versions

Linux / Linux
9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 71571e187106631a8127f2dde780f35caa358d33
9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a < 2429a197648178cd4dc930a9d87c13c547460564
Linux / Linux
6.16

References

git.kernel.org: https://git.kernel.org/stable/c/71571e187106631a8127f2dde780f35caa358d33
git.kernel.org: https://git.kernel.org/stable/c/2429a197648178cd4dc930a9d87c13c547460564