CVE-2025-39812

Source
https://cve.org/CVERecord?id=CVE-2025-39812
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39812.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39812
Downstream
Related
Published
2025-09-16T13:00:14.103Z
Modified
2026-05-07T04:18:02.692505Z
Summary
sctp: initialize more fields in sctp_v6_from_sk()
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: initialize more fields in sctp_v6_from_sk()

syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior.

Clear sin6_scope_id and sin6_flowinfo.

BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
  __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
  sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983
  sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390
  sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452
  sctp_get_port net/sctp/socket.c:8523 [inline]
  sctp_listen_start net/sctp/socket.c:8567 [inline]
  sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636
  __sys_listen_socket net/socket.c:1912 [inline]
  __sys_listen net/socket.c:1927 [inline]
  __do_sys_listen net/socket.c:1932 [inline]
  __se_sys_listen net/socket.c:1930 [inline]
  __x64_sys_listen+0x343/0x4c0 net/socket.c:1930
  x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
  do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
  entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable addr.i.i created at:
  sctp_get_port net/sctp/socket.c:8515 [inline]
  sctp_listen_start net/sctp/socket.c:8567 [inline]
  sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636
  __sys_listen_socket net/socket.c:1912 [inline]
  __sys_listen net/socket.c:1927 [inline]
  __do_sys_listen net/socket.c:1932 [inline]
  __se_sys_listen net/socket.c:1930 [inline]
  __x64_sys_listen+0x343/0x4c0 net/socket.c:1930

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39812.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
45e4b36593edffb7bbee5828ae820bc10a9fa0f3
Fixed
9546934c2054bba1bd605c44e936619159a34027
Fixed
17d6c7747045e9b802c2f5dfaba260d309d831ae
Fixed
65b4693d8bab5370cfcb44a275b4d8dcb06e56bf
Fixed
463aa96fca6209bb205f49f7deea3817d7ddaa3a
Fixed
1bbc0c02aea1f1c405bd1271466889c25a1fe01b
Fixed
f6c2cc99fc2387ba6499facd6108f6543382792d
Fixed
2e8750469242cad8f01f320131fd5a6f540dbb99

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39812.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.12
Fixed
5.4.298
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.242
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.191
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.150
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.104
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.45
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39812.json"