CVE-2025-39702

Advisory lineage Upstream: 0 Downstream: 57
Modified
Published: 05 Sept 2025, 17:21
Last modified: 12 May 2026, 12:06

Vulnerability Summary

  • Overall Risk (default): medium, 28/100
  • CVSS Score: 7 HIGH, v3.1 (nvd)
  • EPSS Score: 0.03% LOW (0% probability +0.01%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 05 Sept 2025, 17:21: Published (vulnerability first disclosed)
  • 12 May 2026, 12:06: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

CVSS Metrics

  • v3.1, HIGH, Score: 7, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03% Percentile: 11%

Techniques & Countermeasures

  • CWE-203: Observable Discrepancy

    The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Affected Systems

  • debian / debian_linux

    11.0

  • linux / linux

    ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < ff55a452d56490047f5233cc48c5d933f8586884 | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < 3b348c9c8d2ca2c67559ffd0e258ae7e1107d4f0 | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < 86b6d34717fe0570afce07ee79b8eeb40341f831 | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < 3ddd55cf19ed6cc62def5e3af10c2a9df1b861c3 | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < b3967c493799e63f648e9c7b6cb063aa2aed04e7 | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < f7878d47560d61e3f370aca3cebb8f42a55b990a | ≥ bf355b8d2c30a289232042cacc1cfaea4923936c, < a458b2902115b26a25d67393b12ddd57d1216aaa | 4.10

  • linux / linux_kernel

    ≥ 4.10, < 5.15.190 | ≥ 5.16, < 6.1.149 | ≥ 6.2, < 6.6.103 | ≥ 6.7, < 6.12.44 | ≥ 6.13, < 6.16.4 | 6.17:rc1 | 6.17:rc2
