CVE-2025-39673
- Source
- https://cve.org/CVERecord?id=CVE-2025-39673
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39673.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39673
- Downstream
- Related
- Published
- 2025-09-05T17:20:38.769Z
- Modified
- 2026-03-20T12:43:00.384131Z
- Summary
- ppp: fix race conditions in ppp_fill_forward_path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix race conditions in pppfillforward_path
pppfillforward_path() has two race conditions:
The ppp->channels list can change between listempty() and listfirstentry(), as ppplock() is not held. If the only channel is deleted in pppdisconnectchannel(), listfirstentry() may access an empty head or a freed entry, and trigger a panic.
pch->chan can be NULL. When pppunregisterchannel() is called, pch->chan is set to NULL before pch is removed from ppp->channels.
Fix these by using a lockless RCU approach: - Use listfirstornullrcu() to safely test and access the first list entry. - Convert list modifications on ppp->channels to their RCU variants and add synchronize_net() after removal. - Check for a NULL pch->chan before dereferencing it.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39673.json" }- References
-
- https://git.kernel.org/stable/c/0417adf367a0af11adf7ace849af4638cfb573f7
- https://git.kernel.org/stable/c/0f1630be6fcca3f0c63e4b242ad202e5cde28a40
- https://git.kernel.org/stable/c/94731cc551e29511d85aa8dec61a6c071b1f2430
- https://git.kernel.org/stable/c/9a1969fbffc1f1900d92d7594b1b7d8d72ef3dc7
- https://git.kernel.org/stable/c/ca18d751bcc9faf5b7e82e9fae1223d103928181
- https://git.kernel.org/stable/c/f97f6475fdcb3c28ff3c55cc4b7bde632119ec08
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39673.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39673
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf6efc675c9dd8d93f826b79ae7e33e03301db609Fixed9a1969fbffc1f1900d92d7594b1b7d8d72ef3dc7Fixed0f1630be6fcca3f0c63e4b242ad202e5cde28a40Fixedca18d751bcc9faf5b7e82e9fae1223d103928181Fixed94731cc551e29511d85aa8dec61a6c071b1f2430Fixedf97f6475fdcb3c28ff3c55cc4b7bde632119ec08Fixed0417adf367a0af11adf7ace849af4638cfb573f7